directory-dev mailing list archives

From "Alex Karasulu" <>
Subject Re: Ideas Wanted: NTLMv2, Kerberos, JAAS, ...
Date Wed, 02 Jul 2008 01:46:50 GMT
Hi all,

On Fri, Jun 27, 2008 at 1:29 PM, Emmanuel Lecharny <>

> Michael B Allen wrote:
>>  We already have NTLM and Kerberos implemented :
>> Hi Emmanuel,
>> But I can see it's just an empty "provider".
>> You cannot do the "man-in-the-middle" thing with NTLMv2. NTLMv2 hashes
>> include the target which is specifically designed to thwart such a
>> technique. That hack only works with NTLMv1.
>> To create a proper NTLMv2 acceptor you must do NETLOGON pass-through
>> authentication using DCERPC (or possibly the krb5-digest technique
>> used by Heimdal). Also for the acceptor you will need to do SPNEGO
>> because clients will send those tokens so you have to deal with them
>> (Windows clients at least).
> I would wait for Alex to reply, as he is the guy working on this part.

Yep yep Michael, this is for NTLMv1 using jCIFS - I have abstracted it out
with providers so if something other than jCIFS is available we can use

