[jcifs] Occasionally NTLM Filter fails...Please Help.

John Baker jbaker at javasystemsolutions.com
Mon May 18 15:29:30 GMT 2009


So, it can't be fixed to make it totally secure, but it can be fixed to do 
what it was originally designed to do - provide a working example of an NTLM 
filter. I also assume it could be enhanced to support NTLMv2 given there are 
commercial products that do it - so it can't be impossible to do it securely, 
unless all these commercial products are insecure?

Although, I don't really understand why one would use NTLMv2 over 
SPNEGO/Kerberos.  NTLM seems to be the backup option to me - if the SPNEGO 
token contains an NTLM token, there's little choice but to either deny or 


On Monday 18 May 2009 16:18:51 you wrote:
> On Mon, May 18, 2009 at 11:06 AM, John Baker
> <jbaker at javasystemsolutions.com> wrote:
> > I suspect that once the static configuration has been replaced with
> > something that can be specified at runtime, i.e. to allow different
> > instances of jcifs with different configurations, it won't be too much
> > effort to fix the NtlmHttpFilter.
> Hi John,
> Actually no, the NtlmHttpFilter cannot be fixed. See this post for a
> detailed explanation:
>   http://lists.samba.org/archive/jcifs/2008-October/008227.html
> Mike

More information about the jcifs mailing list