hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Roland Weber <ossf...@dubioso.net>
Subject Re: NTLMv2 in Apache HttpClient
Date Sun, 02 Mar 2008 08:16:06 GMT
Hi Cathy, Oleg,

please apologize my dropping a bit of salt into the soup.

Oleg Kalnichevski wrote:
> On Wed, 2008-02-27 at 15:18 -0800, ckegley@us.ibm.com wrote:
>> Hi Oleg,
> Hi Cathy
>> I am investigating what it would take to add NTLMv2 support to the Apache
>> HttpClient as well as integrated Windows authentication for both NTLMv1
>> and v2.  I have seen your name on numerous messages in the forum
>> regarding NTLM, so thought I write you.  Is this support something you
>> would be interested to see contributed back to the HttpClient?  What are
>> the restrictions on this?
> Absolutely. We would love to see a better support for NTLMv2 in
> HttpClient.

Yes, we would love to see better support for NTLMv2 in HttpClient.
But what we would not want to see is somebody dropping a huge block
of code on us without giving further support. There will be user
questions on how things work or why they don't, and there will be
bugs that need fixing. Will there also be developers staying with
the code to answer those questions and fix those bugs?
As far as I can tell, the OSS expertise around NTLM currently resides
at Samba/jCIFS. That's why our thoughts revolved around using jCIFS:
we wouldn't need to become NTLM experts ourselves.

If the idea is to create a self-sustaining subproject for NTLM, I'm
all for it. But that means Incubator, not a code donation to us.
Please note that we cannot make releases that depend on incubating
code, so we would have to wait for the podling to graduate before
making use of the functionality. On graduation from the Incubator,
HC seems to be a natural fit.
I know that IBM is aware of this problem and has procedures in
place to prevent code drops.[1] I'm just mentioning it so the
other folks in this discussion are aware of it, too. Getting
through the approval process for OSS code donations within IBM
is a major hurdle in itself :-)

Cathy, your suggestion involves two items. The first one is
support for NTLMv2 in pure Java. It can be considered an extension
of the current NTLMv1 support in HttpClient 3.1, though of course
we'd add it only to the 4.0 codebase. The second is integrated
Windows authentication. That means native (C/C++?) and platform
specific code.
Apache is a do-ocracy.[2] I don't have time to spend on NTLM and
therefore will mostly keep out of this discussion. If others are
OK with a code donation rather than an Incubator podling for the
first pure-Java item, that's OK with me too. But the platform
specific and native (non-Java) code required for integrated Windows
authentication MUST pass through the Incubator and create a
self-sustaining developer community before joining HC. Maybe
it is possible to find some people interested in implementing
integrated authentication for Mac and Linux. You'll need two
non-IBM committers to meet graduation requirements.[3]

A question that remains is whether it makes sense to duplicate
the efforts of the Samba team at Apache.


[2] http://www.apache.org/foundation/how-it-works.html#management

To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org

View raw message