[jcifs] jCifs' NTLMSSP: is it secure and sound?

Giampaolo Tomassoni Giampaolo at Tomassoni.biz
Wed Apr 9 09:00:24 GMT 2008


> -----Original Message-----
> From: Michael B Allen [mailto:miallen at ioplex.com]
> Sent: Wednesday, April 09, 2008 2:24 AM
> To: Giampaolo Tomassoni
> Cc: jcifs at lists.samba.org
> Subject: Re: [jcifs] jCifs' NTLMSSP: is it secure and sound?
> 
> On Wed, 9 Apr 2008 01:30:07 +0200
> "Giampaolo Tomassoni" <Giampaolo at Tomassoni.biz> wrote:
> 
> > What are your thoughts about this?
> 
> If NTLM does not provide the level of security you require then I
> recommend that you use Kerberos instead.
> 
> Mike

Well, I probably wasn't clear enough. It is not that I don't like NTLMSSP.
It is that the jCifs' implementation of NTLMSSP (NtlmHttpFilter and
relatives) is not correct and thereby is more easily spoofed.

Giampaolo


> 
> --
> Michael B Allen
> PHP Active Directory SPNEGO SSO
> http://www.ioplex.com/


