- Web, file system, and data store crawling
- Multi-format document support (Office, PDF, etc.)
- Admin GUI for configuration
- REST API for programmatic access
- SSO integration (OIDC, SAML, SPNEGO, Entra ID)
- i18n support (20+ languages)

## Tech Stack

| Component | Technology |
|-----------|------------|
| Web Framework | LastaFlute (MVC framework) |
| DI Container | Lasta Di |

- **Secure Key Management**: Proper key derivation and nonce generation

### Core Features
- **Per-context configuration**: No global state, each context encapsulates configuration
- **Authentication**: NTLM, Kerberos, SPNEGO unified subsystem
- **SLF4J Logging**: Comprehensive logging throughout the codebase
- **Resource Management**: AutoCloseable patterns for file handles and connections
- **Thread Safety**: Components support concurrent access

            }
        } else {
            server.guid = new byte[16];
            System.arraycopy(buffer, bufferIndex, server.guid, 0, 16);
            server.oemDomainName = new String();
            // ignore SPNEGO token for now ...
        }

        return bufferIndex - start;
    }

    @Override
    public String toString() {

 * scattered authentication implementations.
 */
public interface AuthenticationProvider {

    /**
     * Authentication type enumeration
     */
    enum AuthType {
        NTLM, KERBEROS, SPNEGO, GUEST, ANONYMOUS
    }

    /**
     * Gets the authentication type
     *
     * @return the authentication type
     */
    AuthType getAuthType();

    /**

    protected boolean allowNTLMFallback = true;
    /** Whether to use raw NTLM authentication without SPNEGO */
    protected boolean useRawNTLM = false;
    /** Whether to disable SPNEGO integrity checking */
    protected boolean disableSpnegoIntegrity = false;
    /** Whether to enforce SPNEGO integrity checking */
    protected boolean enforceSpnegoIntegrity = true;
    /** Whether plain text passwords are disabled */

import jcifs.CIFSException;
import jcifs.Configuration;
import jcifs.spnego.NegTokenInit;

@ExtendWith(MockitoExtension.class)
class Kerb5AuthenticatorTest {

    @Mock
    CIFSContext tc;

    @Mock
    Configuration config;

    private static byte[] spnegoInitWithMechs(ASN1ObjectIdentifier... mechs) {
        // Build a minimal SPNEGO NegTokenInit containing the provided mechanisms

                                            <la:option value="saml">SAML</la:option>
                                            <la:option value="spnego">SPNEGO</la:option>
                                            <la:option value="entraid">Entra ID</la:option>
                                        </la:select>
                                    </div>

            bufferIndex += this.server.guid.length;
            this.server.oemDomainName = new String();

            if (this.byteCount > 16) {
                // have initial spnego token
                this.server.encryptionKeyLength = this.byteCount - 16;
                this.server.encryptionKey = new byte[this.server.encryptionKeyLength];

            // Arrange
            ASN1ObjectIdentifier mech1 = new ASN1ObjectIdentifier("1.2.840.113554.1.2.2"); // Kerberos V5
            ASN1ObjectIdentifier mech2 = new ASN1ObjectIdentifier("1.3.6.1.5.5.2"); // SPNEGO
            DummySSPContext ctx =
                    new DummySSPContext(new byte[] { 1, 2, 3 }, true, "NBHOST", new ASN1ObjectIdentifier[] { mech1, mech2 }, 0xA5, true);

            // Act & Assert

    private static final Logger log = LoggerFactory.getLogger(NtlmContext.class);

    /**
     * The NTLMSSP OID (1.3.6.1.4.1.311.2.2.10) used in SPNEGO negotiation.
     */
    public static ASN1ObjectIdentifier NTLMSSP_OID;

    static {
        try {
            NTLMSSP_OID = new ASN1ObjectIdentifier("1.3.6.1.4.1.311.2.2.10");