[jcifs] NTLM issue

Yannick yannick at smellyfrog.com
Wed Mar 15 09:59:44 GMT 2006


I have a user who used to be able to logon to my Intranet site using
SSO. Her account expired and we had to change the password on the AD 
server when we
re-enabled it. Since then, SSO doesn't work for that user when using IE
to connect.

I.e. when I set JCIFS logs level to 9, I can see an error in the 
authentication saying wrong username or password.

The funny thing is that FireFox allows that user to connect. The NTLM
string returned is different from the one returned by IE though.

This leads me to belive that IE is using cached credentials to perform
an NTLM challenge response.

I know how to stop Windows from storing the credentials. If I set the
Local Policy "Network access: Do not allow storage of credentials or
.NET Passports..." to Enabled, then the user can use SSO again. BUT,
and that's freaky, if I reset the value to Disabled (The default
value), the user can no longer use SSO.

Does anyone knows how to clear the storage of credentials on windows?
How long are credentials stored for? 24 hours, 10 days, 30 days or


More information about the jcifs mailing list