[jcifs] jCIFS NTLM HTTP and SMB Signing

Jim Davidson jdavidson at acm.org
Thu Mar 26 20:45:29 GMT 2009

I'm working on an application using NTLM SSO with Windows2003 (with SMB 
Signing required).

The preauthentication approach 
(http://jcifs.samba.org/src/docs/ntlmhttpauth.html#signing) seems to work 
just fine.  AFAICT, it uses the configured preauthentication credentials to 
sign each packet that goes between jCIFS and the server.

What about the packets going between the client (browser) and jCIFS?  I 
assume that the client is signing them, but the signature is not being 
checked, right? I don't see a way for jCIFS to check the signature, although 
I'll confess that I don't understand SMB signing completely.

Is there a security hole here?  Is that the sort of thing that Jespa could 

Thanks for any information.


More information about the jcifs mailing list