Wednesday, May 26, 2010

NTLM authentication is no longer supported by Spring Security 3.0.x

I am exploring how to authenticate automatically on Windows platforms with Spring Security. The older way of doing this is to use the NTLM_FILTER, which works with Spring Security 2.0.x.

I just realised that the NTLM filter is no longer supported in Spring Security 3.0.x. The preferred way to do authentication is to use Kerberos.

http://blog.springsource.com/2009/09/28/spring-security-kerberos/

I have stumbled upon this Kerberos authentication since my freshman year at university back in 1995. It should then be I remember when using the yellow page tools on SunOS on SPARCstation boxes; the ypbind, yppasswd, etc. (renamed NIS) are Kerberos based. It's been around for years, yet I haven't had much experience in setting up the configuration on the server from scratch.

Now that I have to explore this, it's time to go in depth with this Kerberos stuff.

Windows NT, which formerly had its own authentication system, began at that time to adopt standards such as LDAP, Kerberos, etc. NTLM -- which stands for NT LAN Manager, hum, sounds like very, very old stuff -- has been superseded by Kerberos-based authentication. Windows 2000 started providing Kerberos authentication as an alternative. Of course, since the introduction of the Kerberos-based system, the transition has been slow, suggesting that new users use Kerberos by default and only supporting NTLM when they need backward compatibility with old systems (such as Windows 98). Nevertheless, some people are still using NTLM on their legacy systems.

The Spring Security team has deprecated the NTLM integration and moved to Kerberos-based authentication (for Windows systems) instead.