hc-dev mailing list archives

From "Moritz Bechler (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1625) Completely overhaul GSS-API-based authentication backend
Date Tue, 07 Apr 2015 14:16:12 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1625?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14483222#comment-14483222 ]

Moritz Bechler commented on HTTPCLIENT-1625:
--------------------------------------------

Hi,

moving this here from wagon.

I don't think my code will be of much help with your current problem as it is based on the
current implementation and primarily focused on preemptive authentication (in that case the
current implementation works if the GSS exchange is just request and response), still here
it is: https://github.com/AgNO3/httpclient4-spnego/

Am I right in assuming that by implemented incorrectly you mean that it does not keep connection
state? Agreed.

I would add the (not easily changeable) default of adding the port to the SPN to this list.
This is a Microsoft proprietary usage and breaks Domain->Realm mapping in every other implementation
I am aware of (including Java's where this was classified as WONTFIX as it is well outside
the Kerberos spec) i.e. fails if client principal realm != server principal realm.

Another suggestion I would have is to still implement an option to have auth performed preemptively
on every request as there are also a few server implementations out there that do not keep
connection state.


regards

Moritz


> Completely overhaul GSS-API-based authentication backend
> --------------------------------------------------------
>
>                 Key: HTTPCLIENT-1625
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1625
>             Project: HttpComponents HttpClient
>          Issue Type: Task
>          Components: Documentation, HttpAuth, HttpClient
>    Affects Versions: 4.5 Alpha1
>            Reporter: Michael Osipov
>            Assignee: Michael Osipov
>             Fix For: 4.5 Alpha1
>
>
> The current implementation does not reflect the way GSS-API-based authentication should be done. It has several design flaws.
> This is an umbrella task for:
> 1. Deprecate all old classes
> 2. Investigate how it has to be plugged into HttpClient
> 3. Reimplement from scratch
> 4. Thoroughly test all new stuff
> 5. Rewrite documentation
> Design notes are canonically available under: https://wiki.apache.org/HttpComponents/IssueTracking/HTTPCLIENT-1625
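
Added example (not part of the original message and not HttpClient or JDK code): a simplified model of a krb5.conf-style [domain_realm] lookup, showing why an SPN that carries the port stops matching the host-to-realm mapping. The hostnames, realms, mapping table and the fallback to the client's realm are assumptions constructed for illustration.

```python
# Simplified model of a krb5.conf [domain_realm] lookup (constructed data).
DOMAIN_REALM = {
    "intranet.corp.example": "CORP.EXAMPLE",
    ".corp.example": "CORP.EXAMPLE",
    ".partner.example": "PARTNER.EXAMPLE",
}

def realm_for_host(instance, mapping=DOMAIN_REALM):
    """Exact host entry first, then dot-prefixed parent domains; None if unmapped."""
    name = instance.lower()
    if name in mapping:
        return mapping[name]
    labels = name.split(".")
    for i in range(1, len(labels)):
        suffix = "." + ".".join(labels[i:])
        if suffix in mapping:
            return mapping[suffix]
    return None

def build_spn(host, port=None, service="HTTP"):
    """Build SERVICE/host, or SERVICE/host:port when a port is given."""
    instance = host if port is None else f"{host}:{port}"
    return f"{service}/{instance}"

def server_realm(spn, client_realm, mapping=DOMAIN_REALM):
    """Assumption: with no mapping hit, the client's own realm is used."""
    instance = spn.split("/", 1)[1]
    return realm_for_host(instance, mapping) or client_realm

def check(host, port, client_realm, actual_realm):
    """Return (spn, guessed realm, guess is correct) without and with the port."""
    rows = []
    for p in (None, port):
        spn = build_spn(host, p)
        guessed = server_realm(spn, client_realm)
        rows.append((spn, guessed, guessed == actual_realm))
    return rows

if __name__ == "__main__":
    cases = [
        ("web.partner.example", 8443, "CORP.EXAMPLE", "PARTNER.EXAMPLE"),
        ("intranet.corp.example", 8080, "CORP.EXAMPLE", "CORP.EXAMPLE"),
    ]
    for case in cases:
        for spn, realm, ok in check(*case):
            print(f"{spn:35} -> {realm:16} {'ok' if ok else 'WRONG REALM'}")
```

In the same-realm case the fallback hides the problem, which is why the port suffix only shows up as a failure when the client and server principals are in different realms.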


