[jcifs] Domain based DFS support in Kerberos code, or NTLMv2 support in Java 1.4?

Michael B Allen ioplex at gmail.com
Wed Feb 25 20:33:49 GMT 2009

On Wed, Feb 25, 2009 at 2:06 PM, Darren Taft <daztop at rocketmail.com> wrote:
>> My guess is that is your problem. Does the issue occur without this
>> JVM? Does it work with that JVM and another server?
> I've just tested it with the Sun JVM (1.4.2 - the one that comes with WebLogic 8.1.4) and that
> fails too. It's irrelevant anyway though, as I'm unable to change our live environment.
>> I doubt that a timeout issue has anything to do with RC4 or NTLMv2.
>> It's more likely a VM or environmental issue. You'll need to get a
>> thread dump, try different VMs, servers and hosts machines to identify
>> the pattern.
> The Kerberos 1.3.1 version works fine though - if it had Domain-Based DFS support included, I
> wouldn't even have needed to post to this mailing list.  Is there any purpose trying to debug a
> fault in old code when it doesn't exist in the current code?  Are there any plans to add
> Domain-Based DFS support to the Kerberos version?

The Kerberos package *has* domain based DFS support. But I seriously
doubt the success of the Kerberos package has anything to do with
Kerberos. The Kerberos package requires special usage to actually get
it to do Kerberos. Meaning you would get precisely the same result
with the equivalent non-Kerberos version of JCIFS.

Your analysis of the problem isn't optimal. Test a standard JCIFS
example with a standard JVM with a standard server so that you see it
work. Then change one thing at a time systematically until it breaks.
Just saying "that fails too" is going to get you nowhere. You need to
provide error messages, thread dumps, log fragments, captures or
whatever you can get that shows what is happing at the failure


Michael B Allen
Java Active Directory Integration

More information about the jcifs mailing list