hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 33432] - setAuthPreemptive restricted to BASIC AuthScheme
Date Tue, 08 Feb 2005 15:50:19 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=33432>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=33432





------- Additional Comments From olegk@apache.org  2005-02-08 16:50 -------
> Is it necessary to enforce a specific Authscheme at all?  Ideally I think 
> there should be no "special cases" as to what schemes support preemptive 
> auth or not (and theoretically one should be able to register several 
> schemes which are preemptive).

Aaron, 

(1) Preemptive auth is a hangover from the old HTTP/1.0, which we unfortunately
have to support. Ideally all authentication schemes should simply be able
properly challenge the client, if it fails to provide credentials with the
initial request. I do not understand why Kerberos seems unable to do so, but I
know next to nothing about Kerberos

(2) Unfortunately the preemptive authentication has to be treated as a "special
case", because the server simply may not support that particular auth scheme and
may request the client to authenticate using a different scheme. In all other
cases the server is not supposed to change the authentication scheme used in the
middle of the authentication process. 

You are very welcome to provide a fully functional patch to address the
limitation. Otherwise, I am planning to revisit the problem in the course of 4.0
development

Oleg

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org


Mime
View raw message