[security-dev 01584]: Re: Request for comment: spec: NTLM as a SASL mech

Max (Weijun) Wang Weijun.Wang at Sun.COM
Tue Feb 2 18:57:27 PST 2010


On Feb 3, 2010, at 2:44 AM, Bill Shannon wrote:

> Max (Weijun) Wang wrote on 02/ 1/10 10:49 PM:
>> Hi All
>> Please take a review on this draft before I send it for CCC:
>>   http://cr.openjdk.java.net/~weijun/spec/NTLMSASL.0.1
>> The spec includes a raw NTLM API defined in com.sun.* namespace and describes the newly added SASL mech.
> 
> Are you planning to expose the com.sun.security.ntlm APIs as a public
> interface?

Yes, I want it be an API.

> 
> The javadocs for the Client constructor mention a param "version" but
> the parameter is actually named "type".
> 
> In Server.type2(), how many bytes must be in the nonce?
> 
> In Server.getPassword(), "overrided" -> "overridden".

All above fixed.

> 
> Rather than the system property "ntlm.debug", why don't you use
> java.util.logging?

I'll look into it.

Thanks
Max




More information about the security-dev mailing list