[jcifs] username dialog syntax changes

Michael B Allen mba2000 at ioplex.com
Mon Nov 13 16:37:01 GMT 2006 

All changes to Type3Message.java have been rolled back. No changes
to ntlmssp package.

Thanks Eric,
Mike

On Sun, 12 Nov 2006 20:03:54 -0500
"Eric Glass" <eric.glass at gmail.com> wrote:

> See the followup here:
> 
> http://lists.samba.org/archive/jcifs/2006-March/006019.html
> 
> It actually worked without the patch.
> 
> On 11/11/06, Michael B Allen <mba2000 at ioplex.com> wrote:
> > Patch applied.
> >
> > --- Type3Message.java.orig      2005-11-18 17:21:24.000000000 -0600
> > +++ Type3Message.java   2006-03-21 15:46:52.000000000 -0600
> > @@ -578,6 +578,13 @@
> >          if (ntResponse.length == 24) setNTResponse(ntResponse);
> >          setDomain(new String(domain, charset));
> >          setUser(new String(user, charset));
> > +        if ("".equals(this.domain)) {
> > +            int atIndex = this.user.indexOf('@');
> > +            if (atIndex != -1) {
> > +                setDomain(this.user.substring(atIndex + 1));
> > +                setUser(this.user.substring(0, atIndex));
> > +            }
> > +        }
> >          setWorkstation(new String(workstation, charset));
> >      }
> >  }
> >
> > On Thu, 23 Mar 2006 15:07:49 -0500
> > Michael B Allen <mba2000 at ioplex.com> wrote:
> >
> > > On Wed, 22 Mar 2006 11:04:29 -0600
> > > "Tapperson Kevin" <Kevin.Tapperson at hcahealthcare.com> wrote:
> > >
> > > > Another developer here has brought to my attention that Microsoft now
> > > > supports 2 different formats for entering your userid in the NTLM
> > > > challenge popup.  It can be entered using the old format of
> > > > <domain>\<userid> or it can now be entered using the new format of
> > > > <userid>@<domain>.  (This is only available/allowed on XP and Windows
> > > > 2003 machines where the NTLM challenge pop-up does not contain an
> > > > explicit domain field.)  Attached are 2 packet captures showing the same
> > > > user authenticating to IIS using each format.  (Both are from Ethereal
> > > > in libpcap format.)
> > > >
> > > > In the old format, the NTLM type 3 message domain field contains the
> > > > domain and the username field contains the userid.  In the new format,
> > > > the NTLM type 3 message domain field is NULL and the username field
> > > > contains both the domain and userid specified as <userid>@<domain>.
> > >
> > > Actually I'm pretty sure thats actually the realm and not the domain
> > > and the realm is not necessarily the same as the domain. In a large
> > > organization there can be many domains for a given realm.
> > >
> > > I'll apply the patch because I don't want to bother myself with the
> > > correct fix but for future reference I think the correct fix would be
> > > to use RFC 2052 SRV DNS lookups to find the domain controller for the
> > > particular realm.
> > >
> > > Mike
> > >
> >
> >
> > --
> > Michael B Allen
> > PHP Active Directory SSO
> > http://www.ioplex.com/
> >
> 


-- 
Michael B Allen
PHP Active Directory SSO
http://www.ioplex.com/

More information about the jcifs mailing list