[jcifs] NTLM and JCIFS: architecture/protocols

Michael B Allen mba2000 at ioplex.com
Mon Feb 19 18:20:12 GMT 2007

On Mon, 19 Feb 2007 17:00:19 +0000
"Alastair Green" <alastair.j.green at hotmail.co.uk> wrote:

> Eric, Chris:
> Thank you very much for these detailed replies.
> A couple of follow-on questions, if you don't mind.
> 1) I mentioned NTLMSSP as if it were a library that provided client access 
> to a DC. Is it that, or is it a service that then accesses the DC behind the 
> scenes? In other words are we dealing with three net hops (browser to 
> server, server to NTMSSP service, NTLMSSP to DC) or two (browser to server, 
> server to DC via NTMLSSP as a library)?
> 2) I read in one of the references you supplied that Kerberos is the 
> "default authentication protocol" for NTLMSSP, or a similar statement. What 
> exactly is the relationship between CIFS and Kerberos? The latest version of 
> JCIFS is billed as supporting Kerberos, for example, implying that 
> previously it was not using Kerberos?

Try this:


It has a good concise list of definitions and relations between the
different protocols and authentication mechanisms.


Michael B Allen
PHP Active Directory SSO

More information about the jcifs mailing list