hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Karl Wright <daddy...@gmail.com>
Subject Re: My introduction and JIRA karma
Date Fri, 14 Nov 2014 17:53:16 GMT
Hi Michael,

NTLM has not been significantly changed in a long while, and we use it all
the time, so I'm not expecting there to be any changes in that code that
need to be made.

Native code is not something that will work for ManifoldCF because it must
work the same on linux as well as windows systems.  So SSPI cannot be a
replacement for the proprietary NTLM implementation at this time.

As for Kerberos -- we have people who use it, although with difficulty.
What we're really missing is a non-native Java way of obtaining Kerberos
tickets given the appropriate credentials, before it can hope to replace
NTLM.  This is because authentication is built into MCF connectors; it must
be possible to authenticate within the application.

Thanks,
Karl


On Fri, Nov 14, 2014 at 12:47 PM, Michael Osipov <michaelo@apache.org>
wrote:

> Hi Karl and thanks for the welcome,
>
> Am 2014-11-14 um 17:44 schrieb Karl Wright:
>
>> Welcome onboard!
>>
>> I'm the lead with the ManifoldCF project, which is a heavy user of
>> httpclient, and the implementer of the NTLM code that HttpClient currently
>> includes.  I'm looking forward to someone keeping up to date with all the
>> various authentication/authorization protocols, since this changes
>> apparently hourly these days.
>>
>
> NTLM is a proprietary and tricky beast. Avoid it, if you can, migrate to
> Kerberos.
>
> As for auth, I will focus on GSS-API-provided mechs first and those from
> SSPI (which supports NTLM natively) then I will take a look at the
> proprietary stuff.
>
> Please keep an eye on my changes and test it once in a while. Give
> feedback if necessary.
>
>
> Michael
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
> For additional commands, e-mail: dev-help@hc.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message