httpd-dev mailing list archives

From "Mike Spreitzer" <sprei...@parc.xerox.com>
Subject RE: Kerberos authentication and authentication (proxy ticket forwarding)
Date Sat, 06 Nov 1999 13:59:50 GMT
OK, I see that the NTLM flavor of HTTP authentication is non-compliant in
lacking the mandated "auth-param" for "realm".  And the fact that more than
a single, server-initiated, round trip is involved looks dubious to me;
I'll let others continue the lawyering at this point, if anybody cares.
The fact that this suffices to authenticate for all subsequent requests on
the same connection doesn't look wrong to me.

But all this is just a side-bar to the question of what to do about
Kerberos.  As I said before, I think there's reason to hope that the
Kerberos case in Win2K IE&IIS won't involve multiple rounds of challenge
and response; I also think there's a reason to expect a "realm" auth-param
*will* be involved, as it's relevant for Kerberos.

Thanks,
Mike

