[jcifs] A suggested modification for NtlmHttpFilter
Matthew Wilson
Matthew.D.Wilson at pobox.com
Mon Oct 8 01:46:21 GMT 2007
Hi all,
I've got a Tomcat server running Anthill. We use NTLM to get userids, mainly
for logging purposes. We have a 2003 PDC, so we use preauthentication. The
trouble is, I really don't want Windows usernames/passwords appearing in files
or 'ps' lists. So I modified NtlmHttpFilter.java to add the following lines to
the end of init(), to set/override the relevant properties from environment
variables:

    // override username and password from environment variables, if supplied
    if (null != System.getenv("JCIFS_USERNAME")) {
        Config.setProperty( "jcifs.smb.client.username",
                            System.getenv("JCIFS_USERNAME") );
    }
    if (null != System.getenv("JCIFS_PASSWORD")) {
        Config.setProperty( "jcifs.smb.client.password",
                            System.getenv("JCIFS_PASSWORD") );
    }

Then I added these lines to the beginning of the startup.sh script for Tomcat
(I'm sure a similar thing is possible for Windows):
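
    # save the terminal settings and restore them on exit or interrupt
    oldsttymodes=`stty -g`
    trap "stty $oldsttymodes; exit" 0 2
    printf "Username (for JCIFS domain authentication): "
    read -r username
    printf "Password: "
    # turn off echo while the password is typed
    stty -echo
    # -r and an empty IFS keep backslashes and surrounding spaces intact
    IFS= read -r password
    stty $oldsttymodes
    echo ""
    # hand the values to the JVM through its environment
    JCIFS_USERNAME=${username}
    JCIFS_PASSWORD=${password}
    export JCIFS_USERNAME
    export JCIFS_PASSWORD
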
So whoever happens to start the Anthill server can enter a username/password to
be used for authentication, they don't have to be saved anywhere, and can't be
snarfed from the process listing.
A very simple change, and very useful. If someone wanted to add this to the
standard source, that would be great. I guess I could do it myself, but I don't
feel entitled :-)
Thanks.
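
An added example, not part of the original post or of jCIFS: a shell check that reports where a process's jCIFS credentials are visible to the calling user, either on the command line (which ps shows to every local user) or in the environment (which the process owner and root can read through /proc/<pid>/environ). It assumes a Linux-style /proc; the function names and the sample data are constructed for illustration.

```shell
# Added example: report where jCIFS credentials are visible for one process.
# Assumes a Linux-style /proc (cmdline and environ are NUL-separated).

# credential_exposure PROC_DIR -> prints cmdline, environ, both or none.
# Only the location is reported, never the values themselves.
credential_exposure() {
    procdir=$1
    in_cmdline=no
    in_environ=no

    # A -Djcifs.smb.client.password=... argument is visible to every local
    # user, because /proc/<pid>/cmdline (and so ps) is world-readable.
    if [ -r "$procdir/cmdline" ] &&
       tr '\0' '\n' < "$procdir/cmdline" |
       grep -Eq '^-Djcifs\.smb\.client\.(username|password)='; then
        in_cmdline=yes
    fi

    # JCIFS_PASSWORD in the environment is hidden from other users, but the
    # process owner and root can still read /proc/<pid>/environ.
    if [ -r "$procdir/environ" ] &&
       tr '\0' '\n' < "$procdir/environ" |
       grep -Eq '^JCIFS_(USERNAME|PASSWORD)='; then
        in_environ=yes
    fi

    case "$in_cmdline/$in_environ" in
        yes/yes) echo both ;;
        yes/no)  echo cmdline ;;
        no/yes)  echo environ ;;
        *)       echo none ;;
    esac
}

# make_sample_proc DIR JVM_ARG ENV_ENTRY
# Builds a constructed stand-in for /proc/<pid> so the check runs offline.
make_sample_proc() {
    mkdir -p "$1"
    printf 'java\0%s\0org.apache.catalina.startup.Bootstrap\0' "$2" > "$1/cmdline"
    printf 'PATH=/usr/bin\0%s\0' "$3" > "$1/environ"
}
```

Against a live server, pass the JVM's own directory (credential_exposure /proc/<pid>) as the account whose view is being audited; a result of environ from the Tomcat account means the values are out of ps but still readable by that account and by root.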