[jcifs] username dialog syntax changes
Michael B Allen
mba2000 at ioplex.com
Thu Mar 23 20:07:49 GMT 2006
On Wed, 22 Mar 2006 11:04:29 -0600
"Tapperson Kevin" <Kevin.Tapperson at hcahealthcare.com> wrote:
> Another developer here has brought to my attention that Microsoft now
> supports 2 different formats for entering your userid in the NTLM
> challenge popup. It can be entered using the old format of
> <domain>\<userid> or it can now be entered using the new format of
> <userid>@<domain>. (This is only available/allowed on XP and Windows
> 2003 machines where the NTLM challenge pop-up does not contain an
> explicit domain field.) Attached are 2 packet captures showing the same
> user authenticating to IIS using each format. (Both are from Ethereal
> in libpcap format.)
>
> In the old format, the NTLM type 3 message domain field contains the
> domain and the username field contains the userid. In the new format,
> the NTLM type 3 message domain field is NULL and the username field
> contains both the domain and userid specified as <userid>@<domain>.

Actually I'm pretty sure that's actually the realm and not the domain
and the realm is not necessarily the same as the domain. In a large
organization there can be many domains for a given realm.

I'll apply the patch because I don't want to bother myself with the
correct fix but for future reference I think the correct fix would be
to use RFC 2052 SRV DNS lookups to find the domain controller for the
particular realm.

Mike
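
Added example (not part of the original thread and not jCIFS code): a sketch of reading the domain and username fields from an NTLM Type 3 message and telling the two forms discussed above apart, keeping the `@` suffix labelled as a realm instead of treating it as a domain. The function names, the sample accounts and the `latin-1` stand-in for the OEM code page are assumptions made for illustration.

```python
import struct

SIG = b"NTLMSSP\x00"
NEGOTIATE_UNICODE = 0x00000001  # NTLMSSP_NEGOTIATE_UNICODE flag bit

def _secbuf(msg, pos):
    """Follow one security buffer header (len, maxlen, offset) to its payload."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[offset:offset + length]

def parse_type3(msg):
    """Return (domain_field, user_field) from a Type 3 message.
    Assumes the 64-byte header variant that carries the flags at offset 60."""
    if len(msg) < 64 or msg[:8] != SIG or struct.unpack_from("<I", msg, 8)[0] != 3:
        raise ValueError("not an NTLM Type 3 message")
    unicode_ = struct.unpack_from("<I", msg, 60)[0] & NEGOTIATE_UNICODE
    enc = "utf-16-le" if unicode_ else "latin-1"  # OEM code page: assumption
    return _secbuf(msg, 28).decode(enc), _secbuf(msg, 36).decode(enc)

def split_account(domain_field, user_field):
    """Classify the account name as (kind, qualifier, userid)."""
    if domain_field:                       # old form: <domain>\<userid>
        return ("domain", domain_field, user_field)
    if "@" in user_field:                  # new form: <userid>@<realm>
        userid, _, realm = user_field.rpartition("@")
        return ("realm", realm, userid)    # realm is not assumed to be a domain
    return ("unqualified", "", user_field)

def build_type3(domain, user, workstation="WS1"):
    """Constructed sample message; LM/NT responses are left empty."""
    fields = [b"", b"", domain.encode("utf-16-le"), user.encode("utf-16-le"),
              workstation.encode("utf-16-le"), b""]
    header, body, offset = SIG + struct.pack("<I", 3), b"", 64
    for data in fields:
        header += struct.pack("<HHI", len(data), len(data), offset)
        body += data
        offset += len(data)
    return header + struct.pack("<I", NEGOTIATE_UNICODE) + body

if __name__ == "__main__":
    for dom, usr in [("EXAMPLE", "jdoe"), ("", "jdoe@example.test")]:
        print(split_account(*parse_type3(build_type3(dom, usr))))
```

A consumer that only looks at the domain field would see the second message as an account literally named `jdoe@example.test` in an empty domain, which is the case the patch in this thread addresses.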