[jcifs] A suggested modification for NtlmHttpFilter

Matthew Wilson Matthew.D.Wilson at pobox.com
Mon Oct 8 01:46:21 GMT 2007


Hi all, 

I've got a Tomcat server running Anthill.  We use NTLM to get userids, mainly
for logging purposes.  We have a 2003 PDC, so we use preauthentication.  The
trouble is, I really don't want Windows usernames/passwords appearing in files
or 'ps' lists.  So I modified NtlmHttpFilter.java to add the following lines to
the end of init(), to set/override the relevant properties from environment
variables:

  // override username and password from environment variables, if supplied
  if (null != System.getenv("JCIFS_USERNAME")) {
    Config.setProperty( "jcifs.smb.client.username", System.getenv("JCIFS_USERNAME") );
  }
  if (null != System.getenv("JCIFS_PASSWORD")) {
    Config.setProperty( "jcifs.smb.client.password", System.getenv("JCIFS_PASSWORD") );
  }

Then I added these lines to the beginning of the startup.sh script for Tomcat
(I'm sure a similar thing is possible for Windows):

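# save the terminal settings and restore them on exit or Ctrl-C
oldsttymodes=`stty -g`
trap "stty $oldsttymodes; exit" 0 2
printf "Username (for JCIFS domain authentication): "
read -r username
printf "Password: "
# turn echo off while the password is typed
stty -echo
# -r keeps backslashes in the password intact
read -r password
stty $oldsttymodes
echo ""
JCIFS_USERNAME=${username}
JCIFS_PASSWORD=${password}
export JCIFS_USERNAME
export JCIFS_PASSWORD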


So whoever happens to start the anthill server can enter a username/password to
be used for authentication, they don't have to be saved anywhere, and can't be
snarfed from the process listing.

A very simple change, and very useful.  If someone wanted to add this to the
standard source, that would be great.  I guess I could do it myself, but I don't
feel entitled :-)  

Thanks.
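
An added example, not part of the original post: a variant of the startup prompt that reads both values with `IFS= read -r` (so backslashes and leading spaces in a password survive), refuses empty input, and sets `JCIFS_USERNAME` / `JCIFS_PASSWORD` only in the environment of the command it launches instead of exporting them into the calling shell. The function names and the Tomcat path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# read_secret PROMPT: read one line from stdin into $REPLY_SECRET, with echo
# switched off when stdin is a terminal.
read_secret() {
    printf '%s' "$1" >&2
    if [ -t 0 ]; then
        saved_tty=$(stty -g)
        # Put the terminal back if the user interrupts the prompt.
        # Note: this replaces any INT/TERM trap the caller had installed.
        trap 'stty "$saved_tty"; exit 130' INT TERM
        stty -echo
        IFS= read -r REPLY_SECRET
        stty "$saved_tty"
        trap - INT TERM
        echo >&2
    else
        IFS= read -r REPLY_SECRET
    fi
}

# run_with_jcifs_creds CMD [ARGS...]: prompt for the credentials, then run CMD
# with the two variables present in its environment only.
run_with_jcifs_creds() {
    printf 'Username (for JCIFS domain authentication): ' >&2
    IFS= read -r jcifs_user || return 1
    read_secret 'Password: ' || return 1
    [ -n "$jcifs_user" ] && [ -n "$REPLY_SECRET" ] || {
        echo 'empty username or password, not starting' >&2
        return 1
    }
    status=0
    JCIFS_USERNAME=$jcifs_user JCIFS_PASSWORD=$REPLY_SECRET "$@" || status=$?
    # Drop the shell's own copies once the child has been started.
    unset jcifs_user REPLY_SECRET
    return "$status"
}

# Usage (path is an assumption):
#   run_with_jcifs_creds "$CATALINA_HOME/bin/catalina.sh" start
```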



