Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to force Alfresco to use SPNEGO? (no Kerberos involved)

nicolasraoul
Star Contributor
Star Contributor

‎11-05-2009 03:51 AM

Hello all,

How can I force Alfresco to use SPNEGO?

I use Alfresco Enterprise 3.1 with its default <authenticator type="enterprise"/>
Wireshark shows that all SMB packets (from client and from server) contain a "Security blob" that contains an "NTLMSSP" block of data.
I have never managed to see any SPNEGO or GSS-API stuff in the packets using Alfresco.
Maybe because I am not using Kerberos?
Is there a way to force Alfresco to use SPNEGO even though there is no Kerberos involved?


————————————————————–
Before someone asks, here is why I want this:

I am facing the following bug:
- User logs into Windows
- User opens Internet Explorer 8 on Alfresco's Web Client
- User logs into Alfresco (not the same username as Windows)
- User clicks on any file's "View in CIFS"
- A connection error appears.
Reproducible 90% of the time. The important thing is that the share is not already mounted when the user clicks.

If I replace Alfresco with Samba, it works.
But if I configure Samba to "use spnego=no", the same error appears.

So I guess this bug appears when *not* using SPNEGO.
More on this bug: https://issues.alfresco.com/jira/browse/ALFCOM-3616

Thank you very much!
Nicolas Raoul
Labels:
0 Kudos
2 REPLIES 2

nicolasraoul
Star Contributor
Star Contributor

‎11-06-2009 01:12 AM

In EnterpriseCifsAuthenticator.java I have found what a piece of code that suggests there is such a possibility:


// Check if raw NTLMSSP or SPNEGO/NTLMSSP should be used
ConfigElement useSpnego = params.getChild("useSPNEGO");
if ( useSpnego != null) {

But a Google search for Alfresco useSpnego only returns this source file… does not look like a popular configuration element!
If anyone has more information, it would be greatly appreciated 🙂

Cheers,
Nicolas Raoul
0 Kudos

nicolasraoul
Star Contributor
Star Contributor

‎11-06-2009 04:12 AM

For anyone who would need it, here is how to force Alfreco to use SPNEGO:

<authenticator type="enterprise">
          <useSPNEGO/>
</authenticator>
Hope this helps someone in the future,
Nicolas Raoul.
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC