[jcifs] username dialog syntax changes

Michael B Allen mba2000 at ioplex.com
Sun Nov 12 01:21:42 GMT 2006


Patch applied.

--- Type3Message.java.orig      2005-11-18 17:21:24.000000000 -0600
+++ Type3Message.java   2006-03-21 15:46:52.000000000 -0600
@@ -578,6 +578,13 @@
         if (ntResponse.length == 24) setNTResponse(ntResponse);
         setDomain(new String(domain, charset));
         setUser(new String(user, charset));
+        if ("".equals(this.domain)) {
+            int atIndex = this.user.indexOf('@');
+            if (atIndex != -1) {
+                setDomain(this.user.substring(atIndex + 1));
+                setUser(this.user.substring(0, atIndex));
+            }
+        }
         setWorkstation(new String(workstation, charset));
     }
 }
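
Review bot: the split on indexOf('@') in the new "".equals(this.domain) branch accepts any position, so a user field of "@domain" or "user@" produces an empty user or an empty domain, and a value with more than one '@' is cut at the first one. Consider requiring atIndex > 0 && atIndex < this.user.length() - 1, and decide explicitly between indexOf and lastIndexOf. A short comment above the block should say that the suffix is taken as the domain only because the client sent an empty domain field, since nothing in this hunk checks that the text after '@' is an actual domain name.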

On Thu, 23 Mar 2006 15:07:49 -0500
Michael B Allen <mba2000 at ioplex.com> wrote:

> On Wed, 22 Mar 2006 11:04:29 -0600
> "Tapperson Kevin" <Kevin.Tapperson at hcahealthcare.com> wrote:
> 
> > Another developer here has brought to my attention that Microsoft now
> > supports 2 different formats for entering your userid in the NTLM
> > challenge popup.  It can be entered using the old format of
> > <domain>\<userid> or it can now be entered using the new format of
> > <userid>@<domain>.  (This is only available/allowed on XP and Windows
> > 2003 machines where the NTLM challenge pop-up does not contain an
> > explicit domain field.)  Attached are 2 packet captures showing the same
> > user authenticating to IIS using each format.  (Both are from Ethereal
> > in libpcap format.)
> > 
> > In the old format, the NTLM type 3 message domain field contains the
> > domain and the username field contains the userid.  In the new format,
> > the NTLM type 3 message domain field is NULL and the username field
> > contains both the domain and userid specified as <userid>@<domain>.
> 
> Actually I'm pretty sure that's actually the realm and not the domain
> and the realm is not necessarily the same as the domain. In a large
> organization there can be many domains for a given realm.
> 
> I'll apply the patch because I don't want to bother myself with the
> correct fix but for future reference I think the correct fix would be
> to use RFC 2052 SRV DNS lookups to find the domain controller for the
> particular realm.
> 
> Mike
> 


-- 
Michael B Allen
PHP Active Directory SSO
http://www.ioplex.com/

