Hi all,

On Fri, Jun 27, 2008 at 1:29 PM, Emmanuel Lecharny <elecharny@apache.org> wrote:
Michael B Allen wrote:
We already have NTLM and Kerberos implemented:
http://cwiki.apache.org/confluence/display/DIRxSRVx11/SASL+NTLM+Support

Hi Emmanuel,

But I can see it's just an empty "provider".

You cannot do the "man-in-the-middle" thing with NTLMv2. NTLMv2 hashes
include the target, which is specifically designed to thwart such a
technique. That hack only works with NTLMv1.

To create a proper NTLMv2 acceptor you must do NETLOGON pass-through
authentication using DCERPC (or possibly the krb5-digest technique
used by Heimdal). Also for the acceptor you will need to do SPNEGO
because clients will send those tokens so you have to deal with them
(Windows clients at least).
 
I would wait for Alex to reply, as he is the guy working on this part.

Yep yep Michael, this is for NTLMv1 using jCIFS - I have abstracted it out with providers so if something other than jCIFS is available we can use that.   

Alex
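
The following is an added example, not part of the original thread or of ApacheDS/jCIFS code: it shows how the NTLMv2 response described above covers the target information with an HMAC-MD5, following the MS-NLMP layout. It assumes the verifier holds the NT hash directly (the thread's acceptor would instead use NETLOGON pass-through); the names, sample values and the strict TargetInfo equality check are assumptions made for illustration.

```python
import hmac
import struct

# MS-NLMP AV pair ids used in the TargetInfo field
MSV_AV_EOL, MSV_AV_NB_COMPUTER, MSV_AV_NB_DOMAIN = 0, 1, 2

def av_pairs(computer, domain):
    """Encode TargetInfo as AV pairs: id, length, UTF-16LE value, then EOL."""
    out = b""
    for av_id, value in ((MSV_AV_NB_DOMAIN, domain), (MSV_AV_NB_COMPUTER, computer)):
        raw = value.encode("utf-16-le")
        out += struct.pack("<HH", av_id, len(raw)) + raw
    return out + struct.pack("<HH", MSV_AV_EOL, 0)

def ntowf_v2(nt_hash, user, domain):
    """NTOWFv2 = HMAC-MD5(NT hash, UPPER(user) + domain)."""
    ident = (user.upper() + domain).encode("utf-16-le")
    return hmac.new(nt_hash, ident, "md5").digest()

def ntlmv2_response(key, server_challenge, client_challenge, timestamp, target_info):
    """NtChallengeResponse = NTProofStr + blob; the blob embeds target_info."""
    blob = (b"\x01\x01" + b"\x00" * 6 + struct.pack("<Q", timestamp)
            + client_challenge + b"\x00" * 4 + target_info + b"\x00" * 4)
    proof = hmac.new(key, server_challenge + blob, "md5").digest()
    return proof + blob

def verify(key, server_challenge, response, expected_target_info):
    """Recompute the proof over the received blob and compare TargetInfo.

    Requiring an exact TargetInfo match is a simplification for this example.
    """
    proof, blob = response[:16], response[16:]
    recomputed = hmac.new(key, server_challenge + blob, "md5").digest()
    embedded = blob[28:-4]  # 28 = fixed blob header before TargetInfo
    return hmac.compare_digest(proof, recomputed) and embedded == expected_target_info

# Constructed sample values (not taken from the thread)
NT_HASH = bytes(range(16))
KEY = ntowf_v2(NT_HASH, "alice", "EXAMPLE")
SRV_A = av_pairs("SERVERA", "EXAMPLE")
SRV_B = av_pairs("SERVERB", "EXAMPLE")

if __name__ == "__main__":
    resp = ntlmv2_response(KEY, b"\x11" * 8, b"\x22" * 8, 0, SRV_A)
    print(verify(KEY, b"\x11" * 8, resp, SRV_A), verify(KEY, b"\x11" * 8, resp, SRV_B))
```

Because the blob is an input to the HMAC, swapping the embedded TargetInfo without the key invalidates the proof, and a response built for one server's TargetInfo fails the equality check at another.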