[jcifs] JCIFS Pops up dialog box for Authenticating certain users
Michael B Allen
ioplex at gmail.com
Thu Jul 10 04:03:12 GMT 2008
On 7/9/08, Ti Lian Hwang <lian_hwang.ti at fairprice.com.sg> wrote:
> Setting jcifs.smb.client.ssnLimit = 1
>
>
> does not work when using jcifs.smb.client.username/password
> It does NOT cause a NPE, but "Invalid access to memory location."
>
> Please refer again to
>
> http://lists.samba.org/archive/jcifs/2008-June/007993.html
So did you try 1.2.22+ with jcifs.smb.client.dfs.disabled = true?
>
>
> NTLM HTTP Filter has been so popular and solves a great
> problem; it would be sad to see it go.
>
> OSS has always been about hacks, CIFS is a hack itself.
>
>
>
> -----Original Message-----
> From: Michael B Allen [mailto:ioplex at gmail.com]
> Sent: Thursday, July 10, 2008 10:23 AM
> To: Ti Lian Hwang
> Cc: jcifs at lists.samba.org
> Subject: Re: [jcifs] JCIFS Pops up dialog box for Authenticating certain
> users
>
>
> On 7/9/08, Ti Lian Hwang <lian_hwang.ti at fairprice.com.sg> wrote:
> >
> > Sorry, I gotta keep referring to this ...
> >
> > http://lists.samba.org/archive/jcifs/2008-January/007602.html
> >
> > which has worked for me ever since.
>
> That's not a "fix" for anything. It just disables reusing transports.
> Setting jcifs.smb.client.ssnLimit = 1 would work equally well
> (although we recently fixed a bug that caused an NPE when setting that
> property to 1). But without transport reuse every authentication has
> to build up and tear down a socket which completely obliterates
> scalability and that is the greatest strength of the JCIFS NTLM HTTP
> Filter.
>
> The only known issue regarding the filter is the "hiccup bug" where
> transports shut down in the middle of the NTLM exchange thereby
> invalidating any in-flight nonces. This is likely to be the issue that
> you are seeing. It's just a bad interaction between the stateful
> NTLMSSP and stateless HTTP protocols. The proposed fix for this issue
> is discussed here:
>
> http://lists.samba.org/archive/jcifs/2008-June/008019.html
>
> However this fix will likely never be incorporated. It is more likely
> that the NTLM HTTP Filter in general will be dropped with the release
> of JCIFS 2.0 (assuming a 2.0 ever happens) because the Filter has
> nothing to do with the CIFS protocol and, more important, the
> man-in-the-middle hack the Filter uses will not work with NTLMv2 which
> is gaining popularity (and it's at the center of the "hiccup" bug).
>
> I believe that an OSS project can actually do harm to the community
> because it can block the development of a proper solution. The JCIFS
> NTLM HTTP Filter was an easy solution that was very popular and it
> actually worked very well all things considered. But it's a hack, it's
> giving JCIFS a bad name and it needs to be put down.
>
> I reconnoiter that by removing the NTLM HTTP Filter from JCIFS the
> community will be forced to act to create a proper SSO Filter for Java
> Servlet containers. I would be happy to describe how a proper SSO
> Filter should operate to anyone who is serious about starting such a
> project.
>
> Mike
>
> --
> Michael B Allen
> PHP Active Directory SPNEGO SSO
> http://www.ioplex.com/
>
--
Michael B Allen
PHP Active Directory SPNEGO SSO
http://www.ioplex.com/
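
A simplified model of the "hiccup bug" described in the quoted message above, added here as an illustration; it is not code from JCIFS or from either poster. The class and method names are hypothetical, HMAC-SHA256 stands in for the real NTLM response calculation, and the secret is a constructed sample value.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Simplified model (not JCIFS code): the server challenge lives with the
// transport to the domain controller, so a reconnect invalidates it.
public class HiccupModel {
    // Stand-in for one transport to the DC; each connection gets a fresh nonce.
    static class Transport {
        final byte[] challenge = new byte[8];
        Transport() { new SecureRandom().nextBytes(challenge); }
        // The DC checks the response against the challenge of THIS connection only.
        boolean validate(byte[] response, byte[] secret) throws Exception {
            return MessageDigest.isEqual(respond(challenge, secret), response);
        }
    }

    // Stand-in for the client's response calculation (HMAC-SHA256, not real NTLM).
    static byte[] respond(byte[] challenge, byte[] secret) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret, "HmacSHA256"));
        return mac.doFinal(challenge);
    }

    // One HTTP handshake: request 1 fetches the challenge, request 2 returns the
    // response. If the transport drops in between, the filter must reconnect.
    static boolean handshake(boolean transportDropsMidway) throws Exception {
        byte[] secret = "constructed-sample-secret".getBytes("UTF-8");
        Transport t = new Transport();
        byte[] relayed = t.challenge.clone();           // handed to the browser
        if (transportDropsMidway) t = new Transport();  // reconnect, new nonce
        byte[] response = respond(relayed, secret);     // browser answers old nonce
        return t.validate(response, secret);            // false => authentication fails
    }

    public static void main(String[] args) throws Exception {
        System.out.println("stable transport:  " + handshake(false));
        System.out.println("dropped transport: " + handshake(true));
    }
}
```

In this model the correct secret is rejected whenever the transport is replaced between the two HTTP requests, which is the stateful/stateless mismatch the message describes.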