[jcifs] Re: JCIFS on a cluster

Michael B Allen mba2000 at ioplex.com
Sun Feb 19 22:00:40 GMT 2006


On Sun, 19 Feb 2006 21:17:13 +0100
Oliver Schoett <os at sdm.de> wrote:

> Michael B Allen wrote:
> > Your easiest, quickest solution is to switch to Kerberos GSSAPI
> > HTTP authentication. That will work in a cluster environment
> > because the credential is sent in a single token.
> >   
> Sounds nice, but are there free Java implementations of the client and 
> server side?

The jcifs-ext package on SourceForge. Note that the Kerberos
authentication part of that package doesn't really have anything to
do with jcifs. It would be a great project for someone to take the
Kerberos code from that and the NTLM code from jCIFS and bundle it into
an OSS Filter for Java that offers Negotiate, NTLM, and Basic/NTLM with
all the ammenties that people look for with login pages, multi-domain,
proper fallback etc. You could also extract the PAC from the ticket and
resolve the SIDs using LDAP to implement isInRole.

> Most clusters will support "session affinity" in some way, which means 
> that requests from the same client go to the same server if possible. 
> This helps performance, for example, because the session data structures 
> do not need to be reconstructed on another server.
> 
> Regards,
> 
> Oliver Schoett
> 


More information about the jcifs mailing list