Java NTLMv2 on linux - Does it work ?

Posted Tue, 16/06/2009 - 12:33 by mark
, , ,

Does any one know - does NTLMv2 supported in java 6 on linux.

 

I need to connect to site using NTLMv2 authentication only. On windows it works and uses current logged user as principal.

On linux I get reject from target site.

I use sun jre http client.

 

Note: NTLM works but NTLMv2 not.

I cant use  third party like JCIFS, Oakland

 

OpenDS issue ›

Comments

by lior.kanfi - 16/06/2009 - 15:36

Are you referring to JAAS ?

I think this link might be helpful. http://stackoverflow.com/questions/390150/authenticating-against-active-...

by mark - 16/06/2009 - 15:59

They doesn't tell about NTLMv2, just built in NTLM support.

I need connect Sun JAX-WS client (Metro) with Sharepoint (NTLMv2 only).

by hagzag - 17/06/2009 - 02:57

In general NTLMv2 is supported on Linux since JAVA6.

Could you please clarify what it is you are connecting against on the Linux side? (samba, apache etc) - it could be that you need to force you Linux app to support NTLMv2 only, rather than NTLM and if your code supports NTLMv2 (and only that), of course you will be receiving errors.

In addition have you followed up this thread? http://forums.sun.com/thread.jspa?threadID=5362399&tstart=0 and was it useful?

by mark - 17/06/2009 - 06:39

I saw this thread, and have exactly same problem. I call Sharepoint Webservices from JAXWS (Metro stack) client.

Where you saw "In general NTLMv2 is supported on Linux since JAVA6"

My application runs on Linux, and Sharepoint of course on Windows
I use java6 implementation HttpUrlConnection.

by shlomo - 17/06/2009 - 10:00

See:
http://www.ioplex.com/jespa.html

They claim to fully support NTLMV2, might worth trying.

by mark - 17/06/2009 - 10:16

ioplex such as jcifs and oakland replaces / wraps sun HttpUrlConnection globaly per JVM overriding "java.protocol.handler.pkgs".

It can not be used because my code runs under JBoss and replacing protocol providers may cause to unpredictable behaviour.

by shlomo - 17/06/2009 - 11:12

Why not fork a separate JVM process? is it feasible in your case?

by mark - 17/06/2009 - 15:02

That was I did,
build simple proxy webserver that get unsecured requests and resend to the target host (Sharepoint) with NTLM , returns response to source

Very tricky workaround

by ioplex - 15/06/2010 - 18:03

This is false. Jespa does NOT wrap the Sun HttpURLConnection and Jespa fully implements both client and server side NTLMv2 in 100% Java. You can create independent HttpURLConnection instances with independent credentials (using the JAAS security model). Nothing is global. You have the *option* of installing it using "java.protocol.handler.pkgs" so that the URL class uses NTLMv2.

 

All HTTP code in JCIFS is useless and is being removed.

 

I don't know anything about Oakland Software's solution.