[jcifs] NTLMv2

Matt Parker parkerman at gmail.com
Fri Jun 20 17:08:41 GMT 2008

On Mon, Jun 9, 2008 at 2:59 PM, Michael B Allen <ioplex at gmail.com> wrote:
> On 6/9/08, Matt Parker <parkerman at gmail.com> wrote:
>> I'm sure you get this request all the time, but I'm wondering if
>>  NTLMv2 proper (not LMv2) is on the roadmap, and if so, if you have any
>>  idea whatsoever approximately when.
>>  If not, and if I wanted to contribute it, is it simply a matter of
>>  implementing the correct behavior as outlined in the davenport spec
>>  (which I understand may not be trivial)? Or are there some blocking
>>  issues?
> If you're using the NTLM HTTP Filter then IIRC it would not work
> without additional RPCs necessary to implement NETLOGON pass-through
> authentication.

Sorry, what's IIRC? I'm using a custom HTTP filter.

> But as a client (the initiator as opposed to acceptor) of
> authentication it should be fairly straight forward to add NTLMv2
> support to JCIFS. In fact, the code mostly already exists in Eric's
> "Jarapac" package from sourceforge. Check it out.

Thanks, I'll give jarapac a look. I'm actually the acceptor of
authentication. The clients already have v2 capability, and now I'm on
the hook to provide it.

> The only reason I didn't do NTLMv2 yet was because I started a 2.0
> JCIFS with a completely reworked security infrastructure that properly
> interfaced with Java's subject based security model and I was going to
> address NTLMv2 in that work. But I never had the time to complete it
> before leaving my mega-corp job.

I'm surprised v2 hasn't come up more, but I imagine that it will now
that Vista uses it by default. And if you're taking votes, I'd vote
for v2 before integration with JAAS.


More information about the jcifs mailing list