[jcifs] jCifs' NTLMSSP: is it secure and sound?

Giampaolo Tomassoni Giampaolo at Tomassoni.biz
Wed Apr 9 09:00:24 GMT 2008

> -----Original Message-----
> From: Michael B Allen [mailto:miallen at ioplex.com]
> Sent: Wednesday, April 09, 2008 2:24 AM
> To: Giampaolo Tomassoni
> Cc: jcifs at lists.samba.org
> Subject: Re: [jcifs] jCifs' NTLMSSP: is it secure and sound?
> On Wed, 9 Apr 2008 01:30:07 +0200
> "Giampaolo Tomassoni" <Giampaolo at Tomassoni.biz> wrote:
> > What are your thoughts about this?
> If NTLM does not provide the level of security you require then I
> recommend that you use Kerberos instead.
> Mike

Well, I probably wasn't clean enough. It is not that I don't like NTLMSSP.
It is that the jCifs' implementation of NTLMSSP (NtlmHttpFilter  and
relatives) is not correct and thereby is more easily spoofed.


> --
> Michael B Allen
> PHP Active Directory SPNEGO SSO
> http://www.ioplex.com/

More information about the jcifs mailing list