[jcifs] Re: NTLM http client uses Sun NTLM coming with JVM 1.4.2_10 instead of jcifs

[Michael B Allen]

On Fri, 03 Feb 2006 16:56:35 +0100
Oliver Schoett <os at sdm.de> wrote:

> My Chi Doan wrote:
> > 2) When using System JVM (version 1.4.2_10), regardless which login 
> > and password is used in the url above, always the user, who is logged 
> > in on the PC, is got authenticated. E.g. xxx works on PC of yyy and 
> > tries to call the ntlm client with his own NT login and password. The 
> > authenticaton is always perfomed for user yyy instead of xxx.
> > It looks like in this case the Sun's NTLM is used instead of jcifs.
> Hmm, this is the third time this has been asked since Jan 25.  Maybe it 
> should become an entry in the Documentation and/or FAQ:
> 
>     NTLM authentication of HTTP requests works automatically in Sun JRE
>     1.4.2_02 and higher on Windows (including Java 5, but I haven't
>     tested that): When you make an HTTP request to a Web server that
>     requires Windows authentication, an NTLM authentication attempt is
>     made automatically and transparently with the user's Windows
>     credentials (see Java Bug 4857110).  Only when that attempt fails
>     the java.net.Authenticator class is invoked to get a user name and
>     password.
> 
>     See also
>     http://java.sun.com/j2se/1.4.2/docs/guide/net/properties.html#ntlm
> 
> I do not know how to turn off the initial NTLM authentication with the 
> Windows user credentials.

The correct way to resolve this issue would be to provide a full
blown HTTP client rather than just wrap calls to the included Sun
HTTP client. But it would be nice if there was a way to disable NTLM
negotiation so that JCIFS can still work.

Mike