[jcifs] NTLM authentication with Windows 2003 Server - not really
solved
Thomas Bley
thomas.bley at simple-groupware.de
Sat Oct 21 10:43:08 GMT 2006
Thanks,
For the webdisk this is not a big issue because most people already use
the basic authentication due to configuration and patch problems with IE.
I've updated the webdisk documentation for this issue:
http://www.simplegroupware.de/cms/WebDisk/Limitations
bye
Thomas
Michael B Allen wrote:
> On Sat, 21 Oct 2006 01:54:17 +0200
> Thomas Bley <thomas.bley at simple-groupware.de> wrote:
>
>
>> Hello Mike,
>>
>> sorry, I haven't read the docu completely ... so here is a new one that
>> should show the following problem:
>> signing is enabled, the browser uses NTLM HTTP authentication, and this
>> fails with "access denied" (as described in the documentation). Then the
>> user tries a basic auth by providing the password in plain text, but the
>> transport is still open and the authentication fails. Then the transport
>> times out, and the basic authentication can be done without any problems
>> with a new transport.
>>
>> When signing is enabled and the NTLM Http authentication fails, I think
>> it should be possible to do a basic authentication with a plaintext
>> password over the same transport ? (I haven't changed ssnLimit)
>>
>
> I see, so if someone is logged without domain credentials and the Filter
> falls back to Basic you get access denied when signing is enabled?
>
> Yeah, that's a bug. I don't know why that would happen since if NTLM
> over HTTP fails the signing digest should not have been initialized /
> installed. But I'll put this on The List for investigation. Probably
> just need to find out why the signing digest is getting installed and
> either prevent that behavior or uninstall it in the event of failure.
>
> Thanks,
> Mike
>
> PS: Don't bother to send big long logs to the list. They don't make it
> due to the size limit and they're not really that useful.
>
>
More information about the jcifs
mailing list