[jcifs] Account locks in AD - is this a BUG with JCIFS?
Michael B Allen
mba2000 at ioplex.com
Wed Jun 29 01:05:48 GMT 2005
Applied in 1.2.1 to be released RSN.
> On Fri, 24 Jun 2005 13:18:25 -0500
> "Tapperson Kevin" <Kevin.Tapperson at hcahealthcare.com> wrote:
>> I think I had previously posted a fix for this problem. The
>> jcifs.ntlmssp.Type3Message.parse method can be changed as follows:
>> remove this line:
>> if (LM_COMPATIBILITY < 3) setNTResponse(ntResponse);
>> add this line in its place:
>> // NTLMv2 issues w/cross-domain authentication; leave NT empty
>> if NTLMv2 was sent by the client
>> // NTLM response will always be 24 bytes; NTLMv2 response will
>> always be longer
>> if (ntResponse.length == 24) setNTResponse(ntResponse);
>> The above code detects whether the user is sending an NTLMv1 or NTLMv2
>> response and acts appropriately (by only removing the NTLMv2 hash). It
>> takes care of both cases as described above.
>> -----Original Message-----
>> From: jcifs-bounces+kevin.tapperson=hcahealthcare.com at lists.samba.org
>> [mailto:jcifs-bounces+kevin.tapperson=hcahealthcare.com at lists.samba.org]
>> On Behalf Of Michael B Allen
>> Sent: Friday, June 24, 2005 12:42 PM
>> To: Tazwell Jeffries
>> Cc: jcifs at lists.samba.org
>> Subject: Re: [jcifs] Account locks in AD - is this a BUG with JCIFS?
>> On Fri, 24 Jun 2005 14:13:04 +0100
>> "Tazwell Jeffries" <taswell.jeffries at perspicuity.co.uk> wrote:
>> > HI,
>> > We have implemented Single SignOn for one of our WebApplications - and
>> we found that when we tried implementing it - we got a large number of
>> accounts locked out in AD.
>> > The version of JCIFS that was used is 1.1.11..
>> Post your filter section from your web.xml and any exceptions you have
>> in your log.
More information about the jcifs