[jcifs] NTLM authentication with Windows 2003 Server - not really solved

Michael B Allen mba2000 at ioplex.com
Sat Oct 21 00:34:51 GMT 2006

On Sat, 21 Oct 2006 01:54:17 +0200
Thomas Bley <thomas.bley at simple-groupware.de> wrote:

> Hello Mike,
> sorry, I haven't read the docu completely ... so here is a new one that 
> should show the following problem:
> signing is enabled, the browser uses NTLM HTTP authentication, and this 
> fails with "access denied" (as described in the documentation). Then the 
> user tries a basic auth by providing the password in plain text, but the 
> transport is still open and the authentication fails. Then the transport 
> times out, and the basic authentication can be done without any problems 
> with a new transport.
> When signing is enabled and the NTLM Http authentication fails, I think 
> it should be possible to do a basic authentication with a plaintext 
> password over the same transport ? (I haven't changed ssnLimit)

I see, so if someone is logged without domain credentials and the Filter
falls back to Basic you get access denied when signing is enabled?

Yeah, that's a bug. I don't know why that would happen since if NTLM
over HTTP fails the signing digest should not have been initialized /
installed. But I'll put this on The List for investigation. Probably
just need to find out why the signing digest is getting installed and
either prevent that behavior or uninstall it in the event of failure.


PS: Don't bother to send big long logs to the list. They don't make it
due to the size limit and they're not really that useful.

More information about the jcifs mailing list