[jcifs] jCIFS NTLM and keep-alive

Michael B Allen mba2000 at ioplex.com
Tue Oct 26 23:17:01 GMT 2004


Tapperson Kevin said:
> In a recent post to the jCIFS topic, it was mentioned that the jCIFS NTLM
> filter depends on the keep-alive settings/capabilities of the app server.
> Can you please explain the need for keep-alive support?  Where does
> keep-alive support need to be enabled; at the app server?  What about if
> there is a web server in front of the app server; does the web server need
> to have keep-alive enabled?

Look here:

http://davenport.sourceforge.net/ntlm.html#ntlmHttpAuthentication

In particular see item 3. The reason Keep-Alive is required is because the
NTLM HTTP negotiation requires exchanging 3 security messages
(C->S,S->C,C->S) to establish a security context. If the session is closed
the client (IE) will reason that the negotiation is not secure and start
over.

I am not familiar with where keep-alive behavior is controlled. In my
experience HTTP 1.1 compliant servers support it and have it on by
default. It's not something you need to enable.

Remember folks, this NTLM HTTP Authentication protocol is a Microsoft-ism
that is not strictly HTTP compliant so success or failure will depend on
your particular application server. My only consolation to you is that I
think newer app-server vendors have accepted that this protocol is
desirable for corporate intranets and make extra effort to support it.

Mike
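
Added example, not part of the original post or of jCIFS: a Python check that reads the NTLM message type from each Authorization / WWW-Authenticate header and confirms that the three messages described above travelled on one connection. The connection ids and the sample tokens are constructed, and the helper names are hypothetical; the only protocol facts used are the "NTLMSSP\0" signature and the little-endian message type at offset 8.

```python
import base64
import struct

SIGNATURE = b"NTLMSSP\x00"

def ntlm_type(header_value):
    """Return the NTLM message type (1, 2 or 3) in a header value, or None."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM" or not token:
        return None  # other schemes, or the bare "NTLM" offer on the first 401
    try:
        raw = base64.b64decode(token, validate=True)
    except ValueError:
        return None
    if len(raw) < 12 or not raw.startswith(SIGNATURE):
        return None
    return struct.unpack_from("<I", raw, 8)[0]

def check_handshake(events):
    """events: (connection_id, header_value) pairs in wire order -> (ok, reason)."""
    expected, conn = 1, None
    for conn_id, value in events:
        mtype = ntlm_type(value)
        if mtype is None:
            continue
        if mtype == 1:
            expected, conn = 1, conn_id  # a Type 1 always starts the negotiation over
        if mtype != expected:
            return False, f"Type {mtype} arrived, expected Type {expected}"
        if conn_id != conn:
            return False, f"Type {mtype} on connection {conn_id}, handshake began on {conn}"
        if mtype == 3:
            return True, f"context established on connection {conn}"
        expected += 1
    return False, f"handshake stopped before Type {expected}"

def sample_token(mtype):
    # Constructed token: signature + message type + 4 zero bytes, not a real capture.
    body = SIGNATURE + struct.pack("<I", mtype) + b"\x00" * 4
    return "NTLM " + base64.b64encode(body).decode()

GOOD = [("c1", "NTLM"), ("c1", sample_token(1)), ("c1", sample_token(2)), ("c1", sample_token(3))]
BROKEN = [("c1", sample_token(1)), ("c1", sample_token(2)), ("c2", sample_token(3))]

if __name__ == "__main__":
    print(check_handshake(GOOD))
    print(check_handshake(BROKEN))
```

Feeding it header values grouped by TCP connection from an access log or packet capture shows whether a front-end web server or proxy is closing the connection between the Type 2 challenge and the Type 3 response.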

