Fwd: [jcifs] Re: NTLM http client uses Sun NTLM coming with JVM 1.4.2_10 instead of jcifs

Richard Caper rcaper at gmail.com
Tue Feb 7 10:58:40 GMT 2006

Forgot to copy list.

---------- Forwarded message ----------
From: Richard Caper <rcaper at gmail.com>
Date: Feb 7, 2006 5:58 AM
Subject: Re: [jcifs] Re: NTLM http client uses Sun NTLM coming with
JVM 1.4.2_10 instead of jcifs
To: Oliver Schoett <os at sdm.de>

He is talking about the JCIFS client piece.  The specific use case
would be you want to provide specific credentials and connect to an
NTLM site (could be JCIFS, could be IIS).  The JCIFS HttpURLConnection
wrapper allows you to do this on non-Windows clients.  On Windows the
built-in JVM handler automatically uses the logged in user credentials
and bypasses the JCIFS handler.

As noted this is probably a pretty rare scenario (i.e. you would
usually want the out-of-box JVM behavior, and would only need JCIFS on
non-Windows clients to approximate the Windows behavior).  If you do
need to use it on a Windows client there is a hacky way to disable the
JVM handler from automatically authenticating:

System.setProperty("os.name", "something else");

i.e. the Sun handler tests if the local OS is Windows when determining
whether NTLM is supported (since it uses native calls).

On 2/6/06, Oliver Schoett <os at sdm.de> wrote:
> Michael B Allen wrote:
> > [...] it would be nice if there was a way to disable NTLM
> > negotiation so that JCIFS can still work.
> >
> I am a bit confused by this sentence.  JCIFS on the server works
> perfectly fine with a Sun JRE on a Windows Client in the vast majority
> of cases:
>     * If your Windows credentials are accepted by the server, you are
>       logged in automatically.  This is the case that is important to
>       compete with the Windows technologies in a corporate environment
>       and probably covers >90% of users.
>     * If your Windows credentials are not accepted by the server, the
>       java.net.Authenticator is invoked, i. e., you are prompted for
>       username/password as usual.  This probably covers another >5% of
>       users.
>     * The only problem occurs if your Windows credentials are accepted
>       by the server, but you want to use a *different* user identity.
>       This does not seem possible unless the automatic login by Sun's
>       HTTP client can be turned off.  However, I consider this a rare
>       case (<5%).
> Regards,
> Oliver Schoett

More information about the jcifs mailing list