[jcifs] SPNEGO Kerberos in jCIFS

Michael B Allen mba2000 at ioplex.com
Fri Jul 21 17:49:33 GMT 2006

I will not be doing new development on jCIFS. For a long time I was in
a great position to work on it but at this point I don't think I can
do anything but maintainence releases once or twice a year. We might as
well make this clear now so that someone might pick up with new work.

As for SSO it looks like there is some minor movement there. In particular
I think I saw jboss took jcifs-ext and fixed it up. If you want "Free"
then and you're just looking for SSO for the web I would encourage someone
to start a new project to make a LogonModule based filter (or whatever
the expected procedure is) and take jcifs-ext, the latest jcifs, and any
work the jboss guys did, and create the necessary LogonModules. Make
it work nice with GSSAPI Kerberos, NTLMSSP, raw NTLM via Basic, etc,
work out cluster problems etc, etc, etc.

Otherwise, if you're not talking about HTTP authentication then someone
is going to need to get low down into SmbComSessionSetupAndX, do extended
security, etc. I started to do this and I can provide that code to anyone
who asks but there is explaination necessary if someone wants to look
at it so ask first.


On Fri, 21 Jul 2006 11:49:58 -0500
"Ghouse, Sherjeel" <Sherjeel.Ghouse at molex.com> wrote:

> Mike,
> Moving forward, will jCIFS provide SPNEGO Kerberos Authentication by
> leveraging Windows Integrated Authentication in IE ? We did implem
> Kerberos using JAAS Login modules(Out of box NTLoginModule,
> Krb5LoginModule) in desktop applications. The challenge is to get TGT in
> browser environments and authenticate to a KDC/Realm. The sweetest thing
> about jCIFS is its ability to perform NTLM Single Sign-on and it works
> great in our environment. My only concern is the changes in Domain
> Controllers in fututre (like SMB signing enabled in Windows 2003) could
> cause lots of problems.  Is NTLM negotiate - Kerberos an option ?
> Please advise.
> Regards,
> Sherjeel
> CONFIDENTIALITY NOTICE: This message (including any attachments) may contain Molex confidential information, protected by law. If this message is confidential, forwarding it to individuals, other than those with a need to know, without the permission of the sender, is prohibited.
> This message is also intended for a specific individual. If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this message or taking of any action based upon it, is strictly prohibited. 
> Chinese  Japanese
> www.molex.com/confidentiality.html

Michael B Allen
PHP Extension for SSO w/ Windows Group Authorization

More information about the jcifs mailing list