[jcifs] security policy requires NTLMv2

Michael B Allen ioplex at gmail.com
Fri Jan 30 19:04:17 GMT 2009


On Fri, Jan 30, 2009 at 10:57 AM, pardesh <pardesh_dsp at yahoo.com> wrote:
> Hi,
>
> We have an existing Java application using jcifs 1.2.9 for Windows-based
> authentication single sign-on. Right now our company security policies are
> changed and the security policy requires NTLMv2. After doing a little search on
> this forum, I found that it won't support NTLMv2.
>
> We are looking for an alternative implementation (quicker) which will support
> NTLMv2.

Hi Pardesh,

You are correct, the JCIFS NTLM HTTP Servlet Filter cannot support
NTLMv2, is obsolete and will be removed from JCIFS as described in
this post:

  http://lists.samba.org/archive/jcifs/2008-October/008227.html

What you are looking for is called "Jespa" from IOPLEX Software:

  http://www.ioplex.com/jespa.html

Jespa is a complete implementation of the Windows NTLM Security
Service Provider in 100% Java. By "complete" I mean if Windows can do
it, Jespa can do it, as in both the initiator and acceptor, NTLMv2,
session security and so on. As described in the post from October
cited above, the only way to properly validate NTLM responses (like
those submitted by IE and other browsers) is to use the
NetrLogonSamLogon DCERPC call with the NETLOGON service over
SecureChannel. Jespa does precisely that (and a lot more). Jespa also
includes a standard Servlet Filter and source code for doing HTTP SSO
without using a Filter.

If you have any questions regarding Jespa, please contact IOPLEX
Software support. Aside from this sort of "you're looking for Jespa"
answer, the JCIFS mailing list is not an appropriate forum
for questions about Jespa.

Mike

-- 
Michael B Allen
Java Active Directory Integration
http://www.ioplex.com/
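
An added example, not part of the original post and not JCIFS or Jespa code: a Python function that reads the NTLM AUTHENTICATE (type 3) token from an HTTP Authorization header and reports whether the client sent an NTLMv1-size or an NTLMv2 response, which helps when auditing what browsers send before an NTLMv2-only policy is enforced. It only classifies the message and does not validate credentials (that still needs the NETLOGON call described above); the function names and the sample tokens are constructed for illustration.

```python
import base64
import struct

NTLMSSP_SIG = b"NTLMSSP\x00"
AUTHENTICATE = 3  # NTLM message type 3


def classify_authenticate(header_value):
    """Return 'NTLMv2', 'NTLMv1' or 'anonymous' for an Authorization header value."""
    scheme, _, token = header_value.partition(" ")
    if scheme.upper() != "NTLM":
        raise ValueError("not an NTLM Authorization header")
    msg = base64.b64decode(token.strip(), validate=True)
    if len(msg) < 28 or msg[:8] != NTLMSSP_SIG:
        raise ValueError("not an NTLMSSP message")
    (msg_type,) = struct.unpack_from("<I", msg, 8)
    if msg_type != AUTHENTICATE:
        raise ValueError("expected type 3, got type %d" % msg_type)
    # NtChallengeResponse field descriptor: Len(2) MaxLen(2) Offset(4) at byte 20.
    nt_len, _, nt_off = struct.unpack_from("<HHI", msg, 20)
    if nt_off + nt_len > len(msg):
        raise ValueError("NT response points outside the message")
    if nt_len == 0:
        return "anonymous"
    if nt_len == 24:
        # 24 bytes: NTLMv1 (this size also covers the NTLM2 session response).
        return "NTLMv1"
    # NTLMv2: 16-byte proof, then a client blob starting RespType=1, HiRespType=1.
    if nt_len > 24 and msg[nt_off + 16:nt_off + 18] == b"\x01\x01":
        return "NTLMv2"
    raise ValueError("unrecognised NT response of %d bytes" % nt_len)


def build_sample(nt_response, msg_type=AUTHENTICATE):
    """Constructed test token: 64-byte type 3 header with only the NT response set."""
    empty = struct.pack("<HHI", 0, 0, 64)
    nt = struct.pack("<HHI", len(nt_response), len(nt_response), 64)
    msg = (NTLMSSP_SIG + struct.pack("<I", msg_type) + empty + nt
           + empty * 4 + struct.pack("<I", 0) + nt_response)
    return "NTLM " + base64.b64encode(msg).decode("ascii")


if __name__ == "__main__":
    # Constructed samples (all-zero responses), not captured traffic.
    v1 = build_sample(bytes(24))
    v2 = build_sample(bytes(16) + b"\x01\x01" + bytes(26))
    for name, hdr in (("v1 sample", v1), ("v2 sample", v2)):
        print(name, "->", classify_authenticate(hdr))
```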

