[jcifs] NTLMv2 / Alternative?

Michael B Allen mba2000 at ioplex.com
Wed Jan 5 23:46:00 GMT 2005

David Pease said:
> Hi. I'm looking for some advice on the following:
> I've used jCIFS for NTLM authentication on a Java web app and it's worked
> a
> treat, up until it's been deployed on a customer's network (Win2k3, AD)
> which is
> configured to only accept NTLMv2 (lmcompatibility=5?). Apparently, the
> customer
> refuses to change this.

I believe LMv2 support works. Try lmCompatibility=3 and see what happends.
There was recently a report of a problem LMv2 that we believe was fixed
but I don't recall hearing anything back about it.

> So, I can't currently use jCIFS, but I'd like to know of any alternatives
> around
> which could be used instead. Does anyone have a rough idea of when jCIFS
> will be
> supporting NTLMv2?
> Could Kerberos be used in this situation? If so, any info would be
> gratefully
> received, as I know nothing about Kerberos so far (e.g. how does the
> DOMAIN\USERNAME format map to the USER at REALM Kerberos format?). Can I use
> Kerberos to automatically log users into the web app using IE?

Yes, you can do kerberos. I believe the jcifs-ext package shows how to use
NTLM HTTP auth with Kerberos to authenticate users although it doesn't use
jcifs to talk to the DC. It talk to the KDC directly through the builtin
Java 1.4 kerberos support. It's not as easy as plain NTLM because it's not
a nice neat package and jcifs-ext is a little out of date but I believe
people do use it.


More information about the jcifs mailing list