[jcifs] JCIFS Pops up dialog box for Authenticating certain users

Michael B Allen ioplex at gmail.com
Thu Jul 10 04:03:12 GMT 2008


On 7/9/08, Ti Lian Hwang <lian_hwang.ti at fairprice.com.sg> wrote:
> Setting jcifs.smb.client.ssnLimit = 1
>
>
> does not work when using jcifs.smb.client.username/password
>  It does NOT cause a NPE, but "Invalid access to memory location."
>
>  Please refer again to
>
>  http://lists.samba.org/archive/jcifs/2008-June/007993.html

So did you try 1.2.22+ with jcifs.smb.client.dfs.disabled = true?

>
>
>  NTLM HTTP Filter has been so popular and solves a great
>  problem; it would be sad to see it go.
>
>  OSS has always been about hacks, CIFS is a hack itself.
>
>
>
>  -----Original Message-----
>  From: Michael B Allen [mailto:ioplex at gmail.com]
>  Sent: Thursday, July 10, 2008 10:23 AM
>  To: Ti Lian Hwang
>  Cc: jcifs at lists.samba.org
>  Subject: Re: [jcifs] JCIFS Pops up dialog box for Authenticating certain
>  users
>
>
>  On 7/9/08, Ti Lian Hwang <lian_hwang.ti at fairprice.com.sg> wrote:
>  >
>  > Sorry, I gotta keep refering to this ...
>  >
>  > http://lists.samba.org/archive/jcifs/2008-January/007602.html
>  >
>  > which has worked for me ever since.
>
>  That's not a "fix" for anything. It just disables reusing transports.
>  Setting jcifs.smb.client.ssnLimit = 1 would work equally well
>  (although we recently fixed a bug that caused an NPE when setting that
>  property to 1). But without transport reuse every authentication has
>  to build up and tear down a socket which completely obliterates
>  scalability and that is the greatest strength of the JCIFS NTLM HTTP
>  Filter.
>
>  The only known issue regarding the filter is the "hiccup bug" where
>  transports shutdown in the middle of the NTLM exchange thereby
>  invalidating any in-flight nonces. This is likely to be the issue that
>  you are seeing. It's just a bad interaction between the stateful
>  NTLMSSP and stateless HTTP protocols. The proposed fix for this issue
>  is discussed here:
>
>   http://lists.samba.org/archive/jcifs/2008-June/008019.html
>
>  However this fix will likely never be incorporated. Is is more likely
>  that the NTLM HTTP Filter in general will be dropped with the release
>  of JCIFS 2.0 (assuming a 2.0 ever happens) because the Filter has
>  nothing to do with the CIFS protocol and, more important, the
>  man-in-the-middle hack the Filter uses will not work with NTLMv2 which
>  is gaining popularity (and it's at the center of the "hiccup" bug).
>
>  I believe that an OSS project can actually do harm to the community
>  because it can block the development of a proper solution. The JCIFS
>  NTLM HTTP Filter was an easy solution that was very popular and it
>  actually worked very well all things considered. But it's a hack, it's
>  giving JCIFS a bad name and it needs to be put down.
>
>  I reconnoiter that by removing the NTLM HTTP Filter from JCIFS the
>  community will be forced to act to create a proper SSO Filter for Java
>  Servlet containers. I would be happy to describe how a proper SSO
>  Filter should operate to anyone who is serious about starting such a
>  project.
>
>  Mike
>
>  --
>  Michael B Allen
>  PHP Active Directory SPNEGO SSO
>  http://www.ioplex.com/
>


-- 
Michael B Allen
PHP Active Directory SPNEGO SSO
http://www.ioplex.com/


More information about the jcifs mailing list