[jcifs] Question on JCIFS 1.3.0+ support for NTLMv2

Michael B Allen ioplex at gmail.com
Tue Apr 7 16:25:36 GMT 2009

On Tue, Apr 7, 2009 at 11:31 AM, David Schmidt <dschmidt9882 at gmail.com> wrote:
> I have a general question regarding
> jcifs-1.3.0 released / NTLMv2 Support
> posted by Mike, Oct 25, 2008
> NTLMv2 has been fully implemented and will be used by default.
> that I hope you can answer. When it is stated "fully implemented", does it
> mean it is a faithful implementation of everything in MS-NLMP published in
> 2008? I realize that MS-NTHT is not supported as indicated at the top of
> this page http://jcifs.samba.org/src/docs/ntlmhttpauth.html. But I am
> wondering if the full NTLM protocol in the NLMP Microsoft spec is
> implemented, including v2.

The NTLMv2 code in JCIFS does everything it needs to do for all
security policy settings in Windows Server that I'm aware of. So
LmCompatibilityLevel, NtlmMinServerSec, etc is all covered. It
implements NTLM2 Session Security and Key Exchange for both NTLMv2 and
NTLMv1. Also, only what is necessary for the CIFS protocol is
supported here although I believe the client side of authentication
and computation of the session key is complete and could be used with
any other protocol.

There could be holes so the "fully implemented" comment is used
somewhat loosely. But for all practical purposes it is accurate.

Note that we have no interest in incorporating anything that is not
required by CIFS or DCERPC. In fact we are going to be removing all
HTTP related code.


Michael B Allen
Java Active Directory Integration

More information about the jcifs mailing list