[jcifs] NTLMv2

[Matt Parker]

On Mon, Jun 9, 2008 at 2:59 PM, Michael B Allen <ioplex at gmail.com> wrote:
> On 6/9/08, Matt Parker <parkerman at gmail.com> wrote:
>> I'm sure you get this request all the time, but I'm wondering if
>>  NTLMv2 proper (not LMv2) is on the roadmap, and if so, if you have any
>>  idea whatsoever approximately when.
>>
>>  If not, and if I wanted to contribute it, is it simply a matter of
>>  implementing the correct behavior as outlined in the davenport spec
>>  (which I understand may not be trivial)? Or are there some blocking
>>  issues?
>
> If you're using the NTLM HTTP Filter then IIRC it would not work
> without additional RPCs necessary to implement NETLOGON pass-through
> authentication.

Sorry, what's IIRC? I'm using a custom HTTP filter.

>
> But as a client (the initiator as opposed to acceptor) of
> authentication it should be fairly straight forward to add NTLMv2
> support to JCIFS. In fact, the code mostly already exists in Eric's
> "Jarapac" package from sourceforge. Check it out.

Thanks, I'll give jarapac a look. I'm actually the acceptor of
authentication. The clients already have v2 capability, and now I'm on
the hook to provide it.

>
> The only reason I didn't do NTLMv2 yet was because I started a 2.0
> JCIFS with a completely reworked security infrastructure that properly
> interfaced with Java's subject based security model and I was going to
> address NTLMv2 in that work. But I never had the time to complete it
> before leaving my mega-corp job.

I'm surprised v2 hasn't come up more, but I imagine that it will now
that Vista uses it by default. And if you're taking votes, I'd vote
for v2 before integration with JAAS.

Matt