hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oleg Kalnichevski (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1834) Clean up NTLM implementation and add CredSsp support
Date Mon, 20 Mar 2017 11:32:41 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1834?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15932520#comment-15932520
] 

Oleg Kalnichevski commented on HTTPCLIENT-1834:
-----------------------------------------------

bq. however, where the wrong scheme might be chosen because both NTLMScheme and CredSspScheme
use the same type of credentials

Authentication schemes get picked based on challenges contained in the response message (and
auth scheme priority defined by the user). It is perfectly safe for different schemes to make
use of the same credentials.

bq. I don't think it is harmful to leave the dot suffix stripping in here but I wanted to
let you know about this, since it is possible that the CredSsp class might not work properly
if NTCredentials does this manipulation on user and domain before CredSsp has a crack at it.
I suspect you're going to need to roll out whatever change was made to NTCredentials in the
5.0 branch.

This is way above my rudimentary understanding of NTLM and CredSpp schemes. All I know is
that change was made due to HTTPCLIENT-1662. I am not sure I understand what needs to be done
here.

Oleg

> Clean up NTLM implementation and add CredSsp support
> ----------------------------------------------------
>
>                 Key: HTTPCLIENT-1834
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1834
>             Project: HttpComponents HttpClient
>          Issue Type: Improvement
>            Reporter: Karl Wright
>            Assignee: Karl Wright
>             Fix For: 4.5.4, 4.6 Alpha1, 5.0 Alpha2
>
>
> The NTLM implementation has some oddities that we need to fix (flag handling, for instance),
and we also have a contribution of a CredSsp implementation on top of that (github pull request
66).



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message