NTLMv2


NTLMv2

by Matt Parker-3

I'm sure you get this request all the time, but I'm wondering if
NTLMv2 proper (not LMv2) is on the roadmap, and if so, if you have any
idea whatsoever approximately when.

If not, and if I wanted to contribute it, is it simply a matter of
implementing the correct behavior as outlined in the davenport spec
(which I understand may not be trivial)? Or are there some blocking
issues?

Thanks in advance,

Matt

Re: NTLMv2

by Christopher R. Hertel

Note that the specifications Microsoft recently released will also be of
help if you choose to implement this.

Chris -)-----

Matt Parker wrote:

> I'm sure you get this request all the time, but I'm wondering if
> NTLMv2 proper (not LMv2) is on the roadmap, and if so, if you have any
> idea whatsoever approximately when.
>
> If not, and if I wanted to contribute it, is it simply a matter of
> implementing the correct behavior as outlined in the davenport spec
> (which I understand may not be trivial)? Or are there some blocking
> issues?
>
> Thanks in advance,
>
> Matt

--
"Implementing CIFS - the Common Internet FileSystem"    ISBN: 013047116X
Samba Team -- http://www.samba.org/    -)-----     Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/  -)-----  ubiqx development, uninq
ubiqx Team -- http://www.ubiqx.org/    -)-----          crh@...
OnLineBook -- http://ubiqx.org/cifs/   -)-----             crh@...

Re: NTLMv2

by Michael B Allen

On 6/9/08, Matt Parker <parkerman@...> wrote:
> I'm sure you get this request all the time, but I'm wondering if
>  NTLMv2 proper (not LMv2) is on the roadmap, and if so, if you have any
>  idea whatsoever approximately when.
>
>  If not, and if I wanted to contribute it, is it simply a matter of
>  implementing the correct behavior as outlined in the davenport spec
>  (which I understand may not be trivial)? Or are there some blocking
>  issues?

If you're using the NTLM HTTP Filter then IIRC it would not work
without additional RPCs necessary to implement NETLOGON pass-through
authentication.

But as a client (the initiator as opposed to acceptor) of
authentication it should be fairly straightforward to add NTLMv2
support to JCIFS. In fact, the code mostly already exists in Eric's
"Jarapac" package from sourceforge. Check it out.

The only reason I didn't do NTLMv2 yet was because I started a 2.0
JCIFS with a completely reworked security infrastructure that properly
interfaced with Java's subject based security model and I was going to
address NTLMv2 in that work. But I never had the time to complete it
before leaving my mega-corp job.

Mike

--
Michael B Allen
PHP Active Directory SPNEGO SSO
http://www.ioplex.com/

Re: NTLMv2

by Laurent Millet

Michael B Allen <ioplex <at> gmail.com> writes:

>
> On 6/9/08, Matt Parker <parkerman <at> gmail.com> wrote:
> > I'm sure you get this request all the time, but I'm wondering if
> >  NTLMv2 proper (not LMv2) is on the roadmap, and if so, if you have any
> >  idea whatsoever approximately when.
> >
> >  If not, and if I wanted to contribute it, is it simply a matter of
> >  implementing the correct behavior as outlined in the davenport spec
> >  (which I understand may not be trivial)? Or are there some blocking
> >  issues?

Hello,

We'd also be interested in this. NTLMv2 is going to become mandatory in our
environment. We use jCIFS as a client to access CIFS filers/Windows shares.

> If you're using the NTLM HTTP Filter then IIRC it would not work
> without additional RPCs necessary to implement NETLOGON pass-through
> authentication.
>
> But as a client (the initiator as opposed to acceptor) of
> authentication it should be fairly straightforward to add NTLMv2
> support to JCIFS. In fact, the code mostly already exists in Eric's
> "Jarapac" package from sourceforge. Check it out.

This is interesting, I'll have a look at it.

> The only reason I didn't do NTLMv2 yet was because I started a 2.0
> JCIFS with a completely reworked security infrastructure that properly
> interfaced with Java's subject based security model and I was going to
> address NTLMv2 in that work. But I never had the time to complete it
> before leaving my mega-corp job.

It seems to me this might be a good opportunity to include Kerberos support as
well. Mr. Shun kindly contributed Kerberos authentication to a branch.
Unfortunately this did not make it into the main code base. We are considering
adding Kerberos support to jCIFS, probably using that contribution. However this
makes sense only if such support can be contributed back to the trunk. What
would it take to do so?

Best regards,

Laurent



Re: NTLMv2

by Matt Parker-3

On Mon, Jun 9, 2008 at 1:24 PM, Christopher R. Hertel <crh@...> wrote:
> Note that the specifications Microsoft recently released will also be of
> help if you choose to implement this.
>
> Chris -)-----

Right, thanks for the heads-up. For others looking at this list, the
NTLM spec that MS published is here:

http://msdn.microsoft.com/en-us/library/cc207842.aspx

Although I haven't had a chance to analyze whether it's sufficient for
an actual implementation ;)

Re: NTLMv2

by Matt Parker-3

On Mon, Jun 9, 2008 at 2:59 PM, Michael B Allen <ioplex@...> wrote:

> On 6/9/08, Matt Parker <parkerman@...> wrote:
>> I'm sure you get this request all the time, but I'm wondering if
>>  NTLMv2 proper (not LMv2) is on the roadmap, and if so, if you have any
>>  idea whatsoever approximately when.
>>
>>  If not, and if I wanted to contribute it, is it simply a matter of
>>  implementing the correct behavior as outlined in the davenport spec
>>  (which I understand may not be trivial)? Or are there some blocking
>>  issues?
>
> If you're using the NTLM HTTP Filter then IIRC it would not work
> without additional RPCs necessary to implement NETLOGON pass-through
> authentication.

Sorry, what's IIRC? I'm using a custom HTTP filter.

>
> But as a client (the initiator as opposed to acceptor) of
> authentication it should be fairly straightforward to add NTLMv2
> support to JCIFS. In fact, the code mostly already exists in Eric's
> "Jarapac" package from sourceforge. Check it out.

Thanks, I'll give jarapac a look. I'm actually the acceptor of
authentication. The clients already have v2 capability, and now I'm on
the hook to provide it.

>
> The only reason I didn't do NTLMv2 yet was because I started a 2.0
> JCIFS with a completely reworked security infrastructure that properly
> interfaced with Java's subject based security model and I was going to
> address NTLMv2 in that work. But I never had the time to complete it
> before leaving my mega-corp job.

I'm surprised v2 hasn't come up more, but I imagine that it will now
that Vista uses it by default. And if you're taking votes, I'd vote
for v2 before integration with JAAS.

Matt

RE: NTLMv2

by Robert Baldock

Matt Parker wrote:

> Sorry, what's IIRC? I'm using a custom HTTP filter.

"If I recall correctly"... ;-)


Robert



Re: NTLMv2

by Michael B Allen

On 6/20/08, Matt Parker <parkerman@...> wrote:

> On Mon, Jun 9, 2008 at 2:59 PM, Michael B Allen <ioplex@...> wrote:
>  > On 6/9/08, Matt Parker <parkerman@...> wrote:
>  >> I'm sure you get this request all the time, but I'm wondering if
>  >>  NTLMv2 proper (not LMv2) is on the roadmap, and if so, if you have any
>  >>  idea whatsoever approximately when.
>  >>
>  >>  If not, and if I wanted to contribute it, is it simply a matter of
>  >>  implementing the correct behavior as outlined in the davenport spec
>  >>  (which I understand may not be trivial)? Or are there some blocking
>  >>  issues?
>  >
>  > If you're using the NTLM HTTP Filter then IIRC it would not work
>  > without additional RPCs necessary to implement NETLOGON pass-through
>  > authentication.
>
>
> Sorry, what's IIRC? I'm using a custom HTTP filter.
>
>
>  >
>  > But as a client (the initiator as opposed to acceptor) of
>  > authentication it should be fairly straightforward to add NTLMv2
>  > support to JCIFS. In fact, the code mostly already exists in Eric's
>  > "Jarapac" package from sourceforge. Check it out.
>
>
> Thanks, I'll give jarapac a look. I'm actually the acceptor of
>  authentication. The clients already have v2 capability, and now I'm on
>  the hook to provide it.

I would have to research the whole issue but the acceptor is much more
difficult.

Also, I was wrong about Jarapac. The initiator code isn't there either.

>  > The only reason I didn't do NTLMv2 yet was because I started a 2.0
>  > JCIFS with a completely reworked security infrastructure that properly
>  > interfaced with Java's subject based security model and I was going to
>  > address NTLMv2 in that work. But I never had the time to complete it
>  > before leaving my mega-corp job.
>
>
> I'm surprised v2 hasn't come up more, but I imagine that it will now
>  that Vista uses it by default. And if you're taking votes, I'd vote
>  for v2 before integration with JAAS.

Me too. But apparently people are scraping by with NTLMv1 still.

Mike

--
Michael B Allen
PHP Active Directory SPNEGO SSO
http://www.ioplex.com/

Re: NTLMv2

by Jay Kraly

FWIW - I'm another person who would greatly appreciate NTLMv2 support. At the moment the lack of NTLMv2 support for my Linux/JBoss environment is holding us up from switching over to pure Java from ColdFusion. My current plan is to switch to using Kerberos for authentication, but I'd much rather use NTLMv2 if it was supported out of the box.

On Fri, Jun 20, 2008 at 2:07 PM, Michael B Allen <ioplex@...> wrote:
On 6/20/08, Matt Parker <parkerman@...> wrote:
> On Mon, Jun 9, 2008 at 2:59 PM, Michael B Allen <ioplex@...> wrote:
>  > On 6/9/08, Matt Parker <parkerman@...> wrote:
>  >> I'm sure you get this request all the time, but I'm wondering if
>  >>  NTLMv2 proper (not LMv2) is on the roadmap, and if so, if you have any
>  >>  idea whatsoever approximately when.
>  >>
>  >>  If not, and if I wanted to contribute it, is it simply a matter of
>  >>  implementing the correct behavior as outlined in the davenport spec
>  >>  (which I understand may not be trivial)? Or are there some blocking
>  >>  issues?
>  >
>  > If you're using the NTLM HTTP Filter then IIRC it would not work
>  > without additional RPCs necessary to implement NETLOGON pass-through
>  > authentication.
>
>
> Sorry, what's IIRC? I'm using a custom HTTP filter.
>
>
>  >
>  > But as a client (the initiator as opposed to acceptor) of
>  > authentication it should be fairly straightforward to add NTLMv2
>  > support to JCIFS. In fact, the code mostly already exists in Eric's
>  > "Jarapac" package from sourceforge. Check it out.
>
>
> Thanks, I'll give jarapac a look. I'm actually the acceptor of
>  authentication. The clients already have v2 capability, and now I'm on
>  the hook to provide it.

I would have to research the whole issue but the acceptor is much more
difficult.

Also, I was wrong about Jarapac. The initiator code isn't there either.

>  > The only reason I didn't do NTLMv2 yet was because I started a 2.0
>  > JCIFS with a completely reworked security infrastructure that properly
>  > interfaced with Java's subject based security model and I was going to
>  > address NTLMv2 in that work. But I never had the time to complete it
>  > before leaving my mega-corp job.
>
>
> I'm surprised v2 hasn't come up more, but I imagine that it will now
>  that Vista uses it by default. And if you're taking votes, I'd vote
>  for v2 before integration with JAAS.

Me too. But apparently people are scraping by with NTLMv1 still.

Mike

--
Michael B Allen
PHP Active Directory SPNEGO SSO
http://www.ioplex.com/


Obtaining legacy versions of jCIFS?

by Robert Baldock

Is there anywhere I can get hold of legacy versions of jCIFS?

I need a copy of 1.1.8 to be precise.


Robert



Re: Obtaining legacy versions of jCIFS?

by Michael B Allen

On Mon, Jul 21, 2008 at 10:56 AM, Robert Baldock
<robert.baldock@...> wrote:
> Is there anywhere I can get hold of legacy versions of jCIFS?
>
> I need a copy of 1.1.8 to be precise.

Yes. Old versions are placed in the 'old' subdirectory relative to the
root of the website. Note that you cannot list that directory however.
You must simply append the desired package name to access the file
directly. The 1.1.8 packages are there.

Mike

--
Michael B Allen
PHP Active Directory SPNEGO SSO
http://www.ioplex.com/

RE: Obtaining legacy versions of jCIFS?

by Robert Baldock

Michael -

> Yes. Old versions are placed in the 'old' subdirectory relative to the
> root of the website. Note that you cannot list that directory however.
> You must simply append the desired package name to access the file
> directly. The 1.1.8 packages are there.

Thanks for that.

I tried this URL but it didn't give me anything back:

http://jcifs.samba.org/old/jcifs-1.1.8.jar

Where have I gone wrong?


Robert



Re: Obtaining legacy versions of jCIFS?

by Michael B Allen

On Mon, Jul 21, 2008 at 2:59 PM, Robert Baldock
<robert.baldock@...> wrote:

> Michael -
>
>> Yes. Old versions are placed in the 'old' subdirectory relative to the
>> root of the website. Note that you cannot list that directory however.
>> You must simply append the desired package name to access the file
>> directly. The 1.1.8 packages are there.
>
> Thanks for that.
>
> I tried this URL but it didn't give me anything back:
>
> http://jcifs.samba.org/old/jcifs-1.1.8.jar
>
> Where have I gone wrong?

We don't save jar files. Only the tgz and zip (which both contain the jar).

Mike

--
Michael B Allen
PHP Active Directory SPNEGO SSO
http://www.ioplex.com/

RE: Obtaining legacy versions of jCIFS?

by Robert Baldock

Michael -

> We don't save jar files. Only the tgz and zip (which both contain the
> jar).

Thanks for that - got it now.


Robert
