hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robert Olofsson <r...@khelekore.org>
Subject Re: [HttpConn] connection management
Date Sat, 06 Jan 2007 21:42:44 GMT
Roland Weber wrote:
> My question is: will _all_ requests over that connection share
> the authentication, or do they still require some Authentication:
> or Proxy-Authentication: header? In other words, if the connection
> is given back to the connection manager and subsequently re-used,
> will those requests accidentally "inherit" the NTLM authentication?

As far as I understand it, yes as long as that connection is open
all resources transferred are considered authenticated.
NTLM is problematic since it works very differently from how http is
supposed to work. NTLM keeps state, http does not.

The only way I have managed to get my proxy to handle NTLM connections
between the real server and the real client is to switch the proxy
to a dumb tunnel when NTLM is negotiated (otherwise another client might
reuse the same server connection and be authenticated). For a
proxy any accidental authentication inheriting is very bad, for a normal
browser/tool it is probably ok.

I suspect that there are lots of proxies that have problems when the
real server tries to use NTLM.

/robo

---------------------------------------------------------------------
To unsubscribe, e-mail: httpcomponents-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpcomponents-dev-help@jakarta.apache.org


Mime
View raw message