[jcifs] NTLMv2

Jay Kraly jaykraly at gmail.com
Fri Jun 20 21:48:20 GMT 2008


FWIW - I'm another person who would greatly appreciate NTLMv2 support.  At
the moment the lack of NTLMv2 support for my Linux/JBoss environment is
holding us up from switching over to pure Java from ColdFusion.  My current
plan is to switch to using Kerberos for authentication, but I'd much rather
use NTLMv2 if it was supported out of the box.

On Fri, Jun 20, 2008 at 2:07 PM, Michael B Allen <ioplex at gmail.com> wrote:

> On 6/20/08, Matt Parker <parkerman at gmail.com> wrote:
> > On Mon, Jun 9, 2008 at 2:59 PM, Michael B Allen <ioplex at gmail.com> wrote:
> >  > On 6/9/08, Matt Parker <parkerman at gmail.com> wrote:
> >  >> I'm sure you get this request all the time, but I'm wondering if
> >  >>  NTLMv2 proper (not LMv2) is on the roadmap, and if so, if you have any
> >  >>  idea whatsoever approximately when.
> >  >>
> >  >>  If not, and if I wanted to contribute it, is it simply a matter of
> >  >>  implementing the correct behavior as outlined in the davenport spec
> >  >>  (which I understand may not be trivial)? Or are there some blocking
> >  >>  issues?
> >  >
> >  > If you're using the NTLM HTTP Filter then IIRC it would not work
> >  > without additional RPCs necessary to implement NETLOGON pass-through
> >  > authentication.
> >
> >
> > Sorry, what's IIRC? I'm using a custom HTTP filter.
> >
> >
> >  >
> >  > But as a client (the initiator as opposed to acceptor) of
> >  > authentication it should be fairly straightforward to add NTLMv2
> >  > support to JCIFS. In fact, the code mostly already exists in Eric's
> >  > "Jarapac" package from sourceforge. Check it out.
> >
> >
> > Thanks, I'll give jarapac a look. I'm actually the acceptor of
> >  authentication. The clients already have v2 capability, and now I'm on
> >  the hook to provide it.
>
> I would have to research the whole issue but the acceptor is much more
> difficult.
>
> Also, I was wrong about Jarapac. The initiator code isn't there either.
>
> >  > The only reason I didn't do NTLMv2 yet was because I started a 2.0
> >  > JCIFS with a completely reworked security infrastructure that properly
> >  > interfaced with Java's subject based security model and I was going to
> >  > address NTLMv2 in that work. But I never had the time to complete it
> >  > before leaving my mega-corp job.
> >
> >
> > I'm surprised v2 hasn't come up more, but I imagine that it will now
> >  that Vista uses it by default. And if you're taking votes, I'd vote
> >  for v2 before integration with JAAS.
>
> Me too. But apparently people are scraping by with NTLMv1 still.
>
> Mike
>
> --
> Michael B Allen
> PHP Active Directory SPNEGO SSO
> http://www.ioplex.com/
>