[jcifs] JCIFS Pops up dialog box for Authenticating certain users
Michael B Allen
ioplex at gmail.com
Thu Jul 10 04:03:12 GMT 2008
On 7/9/08, Ti Lian Hwang <lian_hwang.ti at fairprice.com.sg> wrote:
> Setting jcifs.smb.client.ssnLimit = 1
> does not work when using jcifs.smb.client.username/password
> It does NOT cause a NPE, but "Invalid access to memory location."
> Please refer again to
So did you try 1.2.22+ with jcifs.smb.client.dfs.disabled = true?
> NTLM HTTP Filter has been so popular and solves a great
> problem; it would be sad to see it go.
> OSS has always been about hacks, CIFS is a hack itself.
> -----Original Message-----
> From: Michael B Allen [mailto:ioplex at gmail.com]
> Sent: Thursday, July 10, 2008 10:23 AM
> To: Ti Lian Hwang
> Cc: jcifs at lists.samba.org
> Subject: Re: [jcifs] JCIFS Pops up dialog box for Authenticating certain
> On 7/9/08, Ti Lian Hwang <lian_hwang.ti at fairprice.com.sg> wrote:
> > Sorry, I gotta keep refering to this ...
> > http://lists.samba.org/archive/jcifs/2008-January/007602.html
> > which has worked for me ever since.
> That's not a "fix" for anything. It just disables reusing transports.
> Setting jcifs.smb.client.ssnLimit = 1 would work equally well
> (although we recently fixed a bug that caused an NPE when setting that
> property to 1). But without transport reuse every authentication has
> to build up and tear down a socket which completely obliterates
> scalability and that is the greatest strength of the JCIFS NTLM HTTP
> The only known issue regarding the filter is the "hiccup bug" where
> transports shutdown in the middle of the NTLM exchange thereby
> invalidating any in-flight nonces. This is likely to be the issue that
> you are seeing. It's just a bad interaction between the stateful
> NTLMSSP and stateless HTTP protocols. The proposed fix for this issue
> is discussed here:
> However this fix will likely never be incorporated. Is is more likely
> that the NTLM HTTP Filter in general will be dropped with the release
> of JCIFS 2.0 (assuming a 2.0 ever happens) because the Filter has
> nothing to do with the CIFS protocol and, more important, the
> man-in-the-middle hack the Filter uses will not work with NTLMv2 which
> is gaining popularity (and it's at the center of the "hiccup" bug).
> I believe that an OSS project can actually do harm to the community
> because it can block the development of a proper solution. The JCIFS
> NTLM HTTP Filter was an easy solution that was very popular and it
> actually worked very well all things considered. But it's a hack, it's
> giving JCIFS a bad name and it needs to be put down.
> I reconnoiter that by removing the NTLM HTTP Filter from JCIFS the
> community will be forced to act to create a proper SSO Filter for Java
> Servlet containers. I would be happy to describe how a proper SSO
> Filter should operate to anyone who is serious about starting such a
> Michael B Allen
> PHP Active Directory SPNEGO SSO
Michael B Allen
PHP Active Directory SPNEGO SSO
More information about the jcifs