[jcifs] NTLM session security

Michael B Allen ioplex at gmail.com
Tue Oct 11 07:40:12 MDT 2011

On Mon, Oct 10, 2011 at 11:43 PM, Mohan Radhakrishnan <mohanr at fss.co.in> wrote:
> Hi,
>     I might have understand this wrongly. Does this mean all data
> passing through the socket using JCIFS is signed and verified at the
> other end ?

If signatures are negotiated then yes.

But if you are looking for "NTLMv2 session security" like you might
use with the Windows NTLMSSP, CIFS does not use that. CIFS implements
it's own message signatures that are not even based on streams. Each
CIFS message has a designated area for a signature. It only uses the
encryption key negotiated during NTLMv2 authentication.


Michael B Allen
Java Active Directory Integration

> -----Original Message-----
> From: jcifs-bounces at lists.samba.org
> [mailto:jcifs-bounces at lists.samba.org] On Behalf Of Michael B Allen
> Sent: Friday, October 07, 2011 10:21 AM
> To: Suhas Sutar
> Cc: jcifs at lists.samba.org
> Subject: Re: [jcifs] NTLM session security
> On Wed, Oct 5, 2011 at 10:48 AM, Suhas Sutar <suhassutar at gmail.com>
> wrote:
>> Hello
>> I wanted to confirm if JCIFS supports NTLM v2 session security
> feature. None of
>> the documentation specifically mentions it.
> Hi Suhas,
> No. JCIFS implements message signatures which are derived from the
> session key negotiated during NTLM auth so there is some apparatus to
> compute a key internally. But you cannot use JCIFS to sign and seal
> streams of data. That would require crypto that is not required by
> CIFS and so it's been left out.
> Mike

More information about the jCIFS mailing list