[jcifs] NTLM authentication with Windows 2003 Server - not really solved

Thomas Bley thomas.bley at simple-groupware.de
Sat Oct 21 10:43:08 GMT 2006

For the webdisk this is not a big issue because most people already use 
the basic authentication due to configuration and patch problems with IE.
I've updated the webdisk documentation for this issue:


Michael B Allen wrote:
> On Sat, 21 Oct 2006 01:54:17 +0200
> Thomas Bley <thomas.bley at simple-groupware.de> wrote:
>> Hello Mike,
>> sorry, I haven't read the docu completely ... so here is a new one that 
>> should show the following problem:
>> signing is enabled, the browser uses NTLM HTTP authentication, and this 
>> fails with "access denied" (as described in the documentation). Then the 
>> user tries a basic auth by providing the password in plain text, but the 
>> transport is still open and the authentication fails. Then the transport 
>> times out, and the basic authentication can be done without any problems 
>> with a new transport.
>> When signing is enabled and the NTLM Http authentication fails, I think 
>> it should be possible to do a basic authentication with a plaintext 
>> password over the same transport ? (I haven't changed ssnLimit)
> I see, so if someone is logged without domain credentials and the Filter
> falls back to Basic you get access denied when signing is enabled?
> Yeah, that's a bug. I don't know why that would happen since if NTLM
> over HTTP fails the signing digest should not have been initialized /
> installed. But I'll put this on The List for investigation. Probably
> just need to find out why the signing digest is getting installed and
> either prevent that behavior or uninstall it in the event of failure.
> Thanks,
> Mike
> PS: Don't bother to send big long logs to the list. They don't make it
> due to the size limit and they're not really that useful.

More information about the jcifs mailing list