[jcifs] Occasionally NTLM Filter fails...Please Help.
John Baker
jbaker at javasystemsolutions.com
Mon May 18 15:29:30 GMT 2009
Hi,
So, it can't be fixed to make it totally secure, but it can be fixed to do
what it was originally designed to do - provide a working example of an NTLM
filter. I also assume it could be enhanced to support NTLMv2 given there are
commercial products that do it - so it can't be impossible to do it securely,
unless all these commercial products are insecure?
Although, I don't really understand why one would use NTLMv2 over
SPNEGO/Kerberos. NTLM seems to be the backup option to me - if the SPNEGO
token contains an NTLM token, there's little choice but to either deny or
process.
J
On Monday 18 May 2009 16:18:51 you wrote:
> On Mon, May 18, 2009 at 11:06 AM, John Baker
>
> <jbaker at javasystemsolutions.com> wrote:
> > I suspect that once the static configuration has been replaced with
> > something that can be specified at runtime, i.e. to allow different
> > instances of jcifs with different configurations, it won't be too much
> > effort to fix the NtlmHttpFilter.
>
> Hi John,
>
> Actually no, the NtlmHttpFilter cannot be fixed. See this post for a
> detailed explanation:
>
> http://lists.samba.org/archive/jcifs/2008-October/008227.html
>
> Mike
More information about the jcifs
mailing list