[jcifs] username dialog syntax changes
Eric Glass
eric.glass at gmail.com
Mon Nov 13 01:03:54 GMT 2006
See the followup here:
http://lists.samba.org/archive/jcifs/2006-March/006019.html
It actually worked without the patch.
On 11/11/06, Michael B Allen <mba2000 at ioplex.com> wrote:
> Patch applied.
>
> --- Type3Message.java.orig 2005-11-18 17:21:24.000000000 -0600
> +++ Type3Message.java 2006-03-21 15:46:52.000000000 -0600
> @@ -578,6 +578,13 @@
> if (ntResponse.length == 24) setNTResponse(ntResponse);
> setDomain(new String(domain, charset));
> setUser(new String(user, charset));
> + if ("".equals(this.domain)) {
> + int atIndex = this.user.indexOf('@');
> + if (atIndex != -1) {
> + setDomain(this.user.substring(atIndex + 1));
> + setUser(this.user.substring(0, atIndex));
> + }
> + }
> setWorkstation(new String(workstation, charset));
> }
> }
>
> On Thu, 23 Mar 2006 15:07:49 -0500
> Michael B Allen <mba2000 at ioplex.com> wrote:
>
> > On Wed, 22 Mar 2006 11:04:29 -0600
> > "Tapperson Kevin" <Kevin.Tapperson at hcahealthcare.com> wrote:
> >
> > > Another developer here has brought to my attention that Microsoft now
> > > supports 2 different formats for entering your userid in the NTLM
> > > challenge popup. It can be entered using the old format of
> > > <domain>\<userid> or it can now be entered using the new format of
> > > <userid>@<domain>. (This is only available/allowed on XP and Windows
> > > 2003 machines where the NTLM challenge pop-up does not contain an
> > > explicit domain field.) Attached are 2 packet captures showing the same
> > > user authenticating to IIS using each format. (Both are from Ethereal
> > > in libpcap format.)
> > >
> > > In the old format, the NTLM type 3 message domain field contains the
> > > domain and the username field contains the userid. In the new format,
> > > the NTLM type 3 message domain field is NULL and the username field
> > > contains both the domain and userid specified as <userid>@<domain>.
> >
> > Actually I'm pretty sure thats actually the realm and not the domain
> > and the realm is not necessarily the same as the domain. In a large
> > organization there can be many domains for a given realm.
> >
> > I'll apply the patch because I don't want to bother myself with the
> > correct fix but for future reference I think the correct fix would be
> > to use RFC 2052 SRV DNS lookups to find the domain controller for the
> > particular realm.
> >
> > Mike
> >
>
>
> --
> Michael B Allen
> PHP Active Directory SSO
> http://www.ioplex.com/
>
More information about the jcifs
mailing list