[jcifs] NTLMv2
Michael B Allen
ioplex at gmail.com
Fri Jun 20 18:07:30 GMT 2008
On 6/20/08, Matt Parker <parkerman at gmail.com> wrote:
> On Mon, Jun 9, 2008 at 2:59 PM, Michael B Allen <ioplex at gmail.com> wrote:
> > On 6/9/08, Matt Parker <parkerman at gmail.com> wrote:
> >> I'm sure you get this request all the time, but I'm wondering if
> >> NTLMv2 proper (not LMv2) is on the roadmap, and if so, if you have any
> >> idea whatsoever approximately when.
> >>
> >> If not, and if I wanted to contribute it, is it simply a matter of
> >> implementing the correct behavior as outlined in the davenport spec
> >> (which I understand may not be trivial)? Or are there some blocking
> >> issues?
> >
> > If you're using the NTLM HTTP Filter then IIRC it would not work
> > without additional RPCs necessary to implement NETLOGON pass-through
> > authentication.
>
>
> Sorry, what's IIRC? I'm using a custom HTTP filter.
>
>
> >
> > But as a client (the initiator as opposed to acceptor) of
> > authentication it should be fairly straight forward to add NTLMv2
> > support to JCIFS. In fact, the code mostly already exists in Eric's
> > "Jarapac" package from sourceforge. Check it out.
>
>
> Thanks, I'll give jarapac a look. I'm actually the acceptor of
> authentication. The clients already have v2 capability, and now I'm on
> the hook to provide it.
I would have to research the whole issue but the acceptor is much more
difficult.
Also, I was wrong about Jarapac. The initiator code isn't there either.
> > The only reason I didn't do NTLMv2 yet was because I started a 2.0
> > JCIFS with a completely reworked security infrastructure that properly
> > interfaced with Java's subject based security model and I was going to
> > address NTLMv2 in that work. But I never had the time to complete it
> > before leaving my mega-corp job.
>
>
> I'm surprised v2 hasn't come up more, but I imagine that it will now
> that Vista uses it by default. And if you're taking votes, I'd vote
> for v2 before integration with JAAS.
Me too. But apparently people are scraping by with NTLMv1 still.
Mike
--
Michael B Allen
PHP Active Directory SPNEGO SSO
http://www.ioplex.com/
More information about the jcifs
mailing list