[jcifs] NTLMv2

Michael B Allen ioplex at gmail.com
Mon Jun 9 20:59:31 GMT 2008

On 6/9/08, Matt Parker <parkerman at gmail.com> wrote:
> I'm sure you get this request all the time, but I'm wondering if
>  NTLMv2 proper (not LMv2) is on the roadmap, and if so, if you have any
>  idea whatsoever approximately when.
>  If not, and if I wanted to contribute it, is it simply a matter of
>  implementing the correct behavior as outlined in the davenport spec
>  (which I understand may not be trivial)? Or are there some blocking
>  issues?

If you're using the NTLM HTTP Filter then IIRC it would not work
without additional RPCs necessary to implement NETLOGON pass-through

But as a client (the initiator as opposed to acceptor) of
authentication it should be fairly straight forward to add NTLMv2
support to JCIFS. In fact, the code mostly already exists in Eric's
"Jarapac" package from sourceforge. Check it out.

The only reason I didn't do NTLMv2 yet was because I started a 2.0
JCIFS with a completely reworked security infrastructure that properly
interfaced with Java's subject based security model and I was going to
address NTLMv2 in that work. But I never had the time to complete it
before leaving my mega-corp job.


Michael B Allen
PHP Active Directory SPNEGO SSO

More information about the jcifs mailing list