[jcifs] security policy requires NTLMv2

John.Baker at barclayscapital.com John.Baker at barclayscapital.com
Sat Jan 31 09:07:53 GMT 2009


I see, so you're basically moving the NTLM Filter development to a
commercial product!  And hence, ioplex is basically another QSJ SSO


> -----Original Message-----
> From: 
> jcifs-bounces+john.baker=barclayscapital.com at lists.samba.org 
> [mailto:jcifs-bounces+john.baker=barclayscapital.com at lists.sam
> ba.org] On Behalf Of Michael B Allen
> Sent: 30 January 2009 19:04
> To: pardesh
> Cc: jcifs at lists.samba.org
> Subject: Re: [jcifs] security policy requires NTLMv2
> On Fri, Jan 30, 2009 at 10:57 AM, pardesh 
> <pardesh_dsp at yahoo.com> wrote:
> > Hi,
> >
> > We have an existing java application using jcifs 1.2.9 for windows 
> > based authentication single signon. right now our company security 
> > policies are changed and security policy requires NTLMv2. 
> After doing 
> > a little search on this forum found that it wont support ntlmv2.
> >
> > we are looking for an alternative implementation(quicker) 
> which will 
> > support ntlmv2.
> Hi Pardesh,
> You are correct, the JCIFS NTLM HTTP Servlet Filter cannot 
> support NTLMv2, is obsolete and will be removed from JCIFS as 
> described in this post:
>   http://lists.samba.org/archive/jcifs/2008-October/008227.html
> What you are looking for is called "Jespa" from IOPLEX Software:
>   http://www.ioplex.com/jespa.html
> Jespa is a complete implementation of the Windows NTLM 
> Security Service Provider in 100% Java. By "complete" I mean 
> if Windows can do it, Jespa can do it, as in both the 
> initiator and acceptor, NTLMv2, session security and so on. 
> As described in the post from October cited above, the only 
> way to properly validate NTLM responses (like those submitted 
> by IE and other browsers) is to use the NetrLogonSamLogon 
> DCERPC call with the NETLOGON service over SecureChannel. 
> Jespa does precisely that (and a lot more). Jespa also 
> includes a standard Servlet Filter and source code for doing 
> HTTP SSO without using a Filter.
> If you have any questions regarding Jespa, please contact 
> IOPLEX Software support. Aside from this sort of "you're 
> looking for Jespa"
> types of answers, the JCIFS mailing list is not an 
> appropriate forum for questions about Jespa.
> Mike
> --
> Michael B Allen
> Java Active Directory Integration
> http://www.ioplex.com/

This e-mail may contain information that is confidential, privileged or otherwise protected from disclosure. If you are not an intended recipient of this e-mail, do not duplicate or redistribute it by any means. Please delete it and any attachments and notify the sender that you have received it in error. Unless specifically indicated, this e-mail is not an offer to buy or sell or a solicitation to buy or sell any securities, investment products or other financial product or service, an official confirmation of any transaction, or an official statement of Barclays. Any views or opinions presented are solely those of the author and do not necessarily represent those of Barclays. This e-mail is subject to terms available at the following link: www.barcap.com/emaildisclaimer. By messaging with Barclays you consent to the foregoing.  Barclays Capital is the investment banking division of Barclays Bank PLC, a company registered in England (number 1026167) with its registered office at 1 Churchill Place, London, E14 5HP.  This email may relate to or be sent from other members of the Barclays Group.

More information about the jcifs mailing list