[jcifs] Re: NTLMv2

[Laurent Millet]

Michael B Allen <ioplex <at> gmail.com> writes:

> 
> On 6/9/08, Matt Parker <parkerman <at> gmail.com> wrote:
> > I'm sure you get this request all the time, but I'm wondering if
> >  NTLMv2 proper (not LMv2) is on the roadmap, and if so, if you have any
> >  idea whatsoever approximately when.
> >
> >  If not, and if I wanted to contribute it, is it simply a matter of
> >  implementing the correct behavior as outlined in the davenport spec
> >  (which I understand may not be trivial)? Or are there some blocking
> >  issues?

Hello,

We'd also be interested in this. NTLMv2 is going to become mandatory in our
environment. We use jCIFS as a client to access CIFS filers/Windows shares.

> If you're using the NTLM HTTP Filter then IIRC it would not work
> without additional RPCs necessary to implement NETLOGON pass-through
> authentication.
> 
> But as a client (the initiator as opposed to acceptor) of
> authentication it should be fairly straight forward to add NTLMv2
> support to JCIFS. In fact, the code mostly already exists in Eric's
> "Jarapac" package from sourceforge. Check it out.

This is interesting, I'll have a look at it.

> The only reason I didn't do NTLMv2 yet was because I started a 2.0
> JCIFS with a completely reworked security infrastructure that properly
> interfaced with Java's subject based security model and I was going to
> address NTLMv2 in that work. But I never had the time to complete it
> before leaving my mega-corp job.

It seems to me this might be a good opportunity to include Kerberos support as
well. Mr. Shun kindly contributed Kerberos authentication to a branch.
Unfortunately this did not make it into the main code base. We are considering
adding Kerberos support to jCIFS, probably using that contribution. However this
makes sense only if such support can be contributed back to the trunk. What
would it take to do so?

Best regards,

Laurent