[jcifs] http ntlm authentication and then access resources

Michael B Allen mba2000 at ioplex.com
Thu Mar 31 22:49:56 GMT 2005


leostone said:
> Hi there, I am new to all this SMB stuff. I got quite close to what I
> need to do, but now I need a little help.
> My problem is that I not only want users to be authenticated by the
> HTTP authentication mechanism, but I want to use the returned auth
> object (NtlmSsp.authenticate) also to access resources in the domain.
> If I understand everything right, this method takes the 8 byte
> challenge from a domain controller, sends it to the HTTP client, the
> client returns the correctly encrypted hashes which then are checked
> by the domain controller. So far, so good!
> Now the question is, how can I use the auth object to access resources
> on some machine in that domain?
> I don't think I can, since a different machine will use a different
> challenge than the domain controller and using the hashes used for the
> domain controller will fail.

That's exactly right. You cannot use the negotiated
NtlmPasswordAuthentication object to access resources on a server other
than the one from which the challenge originated (which isn't very useful
because accessing files on the domain controller probably isn't what you
want).

However, note that you can simply write your application to authenticate
against the target server rather than a central authority. This is what
Davenport and the NetworkExplorer servlet do.

Another solution is to use Kerberos with extended security. That is not
supported yet but it is the #1 item for 2.0.

Mike
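
The challenge binding discussed in this message, as an added example that is not part of the original post or of jCIFS: it uses the NTLMv2 response calculation (HMAC-MD5 over the server challenge) rather than the older hashes the thread refers to, because the binding is the same and it needs only the standard library. The NT hash, the simplified client blob, and the `Server`, `dc` and `fileserver` names are constructed for the illustration.

```python
import hashlib
import hmac
import os


def ntowf_v2(nt_hash: bytes, user: str, domain: str) -> bytes:
    """NTLMv2 key: HMAC-MD5 keyed with the NT hash over UPPER(user)+domain in UTF-16LE."""
    identity = (user.upper() + domain).encode("utf-16-le")
    return hmac.new(nt_hash, identity, hashlib.md5).digest()


def ntlmv2_response(key: bytes, server_challenge: bytes, blob: bytes) -> bytes:
    """The proof is keyed over the server's 8-byte challenge, then the blob is appended."""
    proof = hmac.new(key, server_challenge + blob, hashlib.md5).digest()
    return proof + blob


class Server:
    """Hypothetical verifier. A real member server forwards the check to a DC."""

    def __init__(self, key: bytes):
        self._key = key
        self.challenge = b""

    def issue_challenge(self) -> bytes:
        self.challenge = os.urandom(8)  # fresh per connection
        return self.challenge

    def verify(self, response: bytes) -> bool:
        proof, blob = response[:16], response[16:]
        expected = hmac.new(self._key, self.challenge + blob, hashlib.md5).digest()
        return hmac.compare_digest(proof, expected)


def demo():
    nt_hash = bytes(range(16))  # constructed stand-in for the user's NT hash
    key = ntowf_v2(nt_hash, "alice", "EXAMPLE")  # constructed account
    dc, fileserver = Server(key), Server(key)
    blob = os.urandom(8)  # simplified; the real blob has timestamp, nonce, target info

    # The HTTP client answers the challenge that came from the domain controller.
    response = ntlmv2_response(key, dc.issue_challenge(), blob)
    # The file server issues its own challenge, so the stored response fails there.
    fs_challenge = fileserver.issue_challenge()
    # Only a response computed over the file server's challenge is accepted by it.
    fresh = ntlmv2_response(key, fs_challenge, blob)
    return dc.verify(response), fileserver.verify(response), fileserver.verify(fresh)


if __name__ == "__main__":
    print(demo())
```
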

