FW: [jcifs] NTLM authentication

Michael B Allen ioplex at gmail.com
Fri Apr 24 17:27:41 GMT 2009

On Fri, Apr 24, 2009 at 8:25 AM, Giampaolo Tomassoni
<Giampaolo at tomassoni.biz> wrote:
>> -----Original Message-----
>> From: Michael B Allen
>> Sent: Thursday, April 23, 2009 10:37 PM
>> ...omissis...
>> In particular I'm curious as to what Microsoft's
>> proxy software is. I've tried to search around on their website but I
>> just don't know enough about it to get a toe hold. Then again I
>> haven't spent much time on it.
> Hi Michael,
> the MS Proxy was a server package which was meant to do what is supposed a
> proxy does, plus the NTLM transparent authentication. As usual in many proxy
> servers, it allowed to establish user and group policies and rules in
> accessing outside web resources through it.
> You were unsuccessful in finding more docs about it because it is an old
> product: you wouldn't get a copy even signing a MAPS agreement with MS, in
> example. To my knowledge, the version of the latest MS Proxy package is 2.0.
> I installed it once not early than five years ago.
> Its "silent" withdrawal by MS is probably due to the fact that it had a very
> limited market impact from its very first release: most of the companies
> which could afford buying it had already move to xDSL lines dropping the old
> ISDN and POTS ones in order to connect to Internet, thereby reducing the
> appeal of MS Proxy. Also, the other benefits the MS Proxy could give (access
> control, logging, security) where interesting only for middle to big
> organizations, and they could however rely in other similar (open source)
> products (read: squid) which were also more powerful (squid, in example, can
> be plugged to an AV in order to block viruses and the like). Finally, squid
> implemented NTLM authentication well before the MS Proxy 2.0 version,
> eventually removing the last remaining "plus" of MS Proxy.

Very interesting.

So does anyone even really using NTLM proxy authentication?

Does Squid even support NTLMv2? I would imaging it cannot unless it
interfaced with Samba.

It sounds like NTLM proxy authentication is not as common as I first thought.


Michael B Allen
Java Active Directory Integration

More information about the jcifs mailing list