[security-dev 01582]: Re: Request for comment: spec: NTLM as a SASL mech

Bill Shannon bill.shannon at sun.com
Tue Feb 2 10:44:28 PST 2010


Max (Weijun) Wang wrote on 02/ 1/10 10:49 PM:
> Hi All
> 
> Please take a review on this draft before I send it for CCC:
> 
>    http://cr.openjdk.java.net/~weijun/spec/NTLMSASL.0.1
> 
> The spec includes a raw NTLM API defined in com.sun.* namespace and describes the newly added SASL mech.

Are you planning to expose the com.sun.security.ntlm APIs as a public
interface?

The javadocs for the Client constructor mention a param "version" but
the parameter is actually named "type".

In Server.type2(), how many bytes must be in the nonce?

In Server.getPassword(), "overrided" -> "overridden".

Rather than the system property "ntlm.debug", why don't you use
java.util.logging?



More information about the security-dev mailing list