[jcifs] Question on JCIFS 1.3.0+ support for NTLMv2

Sachin Shekar Shetty sachintheonly at yahoo.com
Tue Apr 7 16:41:12 GMT 2009


Hi,

Can you please clarify on the following:

==
Note that we have no interest in incorporating anything that is not
required by CIFS or DCERPC. In fact we are going to be removing all
HTTP related code.
==

So going forward, the NTLM Http Filters will be desupported?


--- On Tue, 4/7/09, Michael B Allen <ioplex at gmail.com> wrote:

From: Michael B Allen <ioplex at gmail.com>
Subject: Re: [jcifs] Question on JCIFS 1.3.0+ support for NTLMv2
To: "David Schmidt" <dschmidt9882 at gmail.com>
Cc: jcifs at lists.samba.org
Date: Tuesday, April 7, 2009, 9:55 PM

On Tue, Apr 7, 2009 at 11:31 AM, David Schmidt <dschmidt9882 at gmail.com> wrote:
> I have a general question regarding
>
> jcifs-1.3.0 released / NTLMv2 Support
> posted by Mike, Oct 25, 2008
> NTLMv2 has been fully implemented and will be used by default.
>
>
> that I hope you can answer. When it is stated "fully implemented", does it
> mean it is a faithful implementation of everything in MS-NLMP published in
> 2008? I realize that MS-NTHT is not supported as indicated at the top of
> this page http://jcifs.samba.org/src/docs/ntlmhttpauth.html. But I am
> wondering if the full NTLM protocol in the NLMP Microsoft spec is
> implemented, including v2.

The NTLMv2 code in JCIFS does everything it needs to do for all
security policy settings in Windows Server that I'm aware of. So
LmCompatibilityLevel, NtlmMinServerSec, etc is all covered. It
implements NTLM2 Session Security and Key Exchange for both NTLMv2 and
NTLMv1. Also, only what is necessary for the CIFS protocol is
supported here although I believe the client side of authentication
and computation of the session key is complete and could be used with
any other protocol.

There could be holes so the "fully implemented" comment is used
somewhat loosely. But for all practical purposes it is accurate.

Note that we have no interest in incorporating anything that is not
required by CIFS or DCERPC. In fact we are going to be removing all
HTTP related code.

Mike

-- 
Michael B Allen
Java Active Directory Integration
http://www.ioplex.com/
-------------- next part --------------
HTML attachment scrubbed and removed


More information about the jcifs mailing list