[jcifs] A bug in 1.2.17 ?

Michael B Allen miallen at ioplex.com
Mon Nov 26 16:24:10 GMT 2007

On Mon, 26 Nov 2007 10:49:06 +0200
"Asaf Mesika" <asaf.mesika at gmail.com> wrote:

> The NtlmPasswordAuthentication object is passed between the two parts using
> XStream, which means its converted to XML and back to an object.
> The XML method creates the situation in which the auth.challenge is not the
> same object as session.transport.server.encryptionKey but *contains the same
> content.*
> What do you think?
> Maybe you can give me some pointers to understand why there's need to check
> it is the same object and not check the contents alone?

We use a logical comparison only because that is all that is
needed. Arrays.equals should work equally well I think. That whole check
is only there to prevent the wrong challenge from accidentally being
use which under normal circumstances should never happen anyway.


Michael B Allen
PHP Active Directory SPNEGO SSO

More information about the jcifs mailing list