tomcat-dev mailing list archives

From bugzi...@apache.org
Subject [Bug 54076] SPNEGO authenticator's stateless-ness incompatible with stateful clients
Date Mon, 05 Nov 2012 09:37:27 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=54076

--- Comment #7 from Michael Osipov <1983-01-06@gmx.net> ---
(In reply to comment #6)
> (In reply to comment #5)
> > (In reply to comment #4)
> > > There is one work-around already available. Set alwaysUseSession on the
> > > Authenticator Valve.
> > 
> > This isn't even a workaround for me. You cannot guarantee that the client
> > will respond with the JSESSIONID cookie. You could end up generating a
> > huge amount of empty sessions.
> 
> While it might not be a valid work-around for you it may well work for
> others. One of the purposes of Bugzilla is to provide useful information to
> others that stumble across an issue, not just to fix the issue for the
> original reporter.
> 
> > > I have added support for a second work-around to trunk and 7.0.x. This
> > > work-around enables HTTP keep-alive to be disabled for specified user-agents
> > > if they attempt to use SPNEGO. This will be included in 7.0.33 onwards.
> > 
> > Well, the server admin needs to know the client's UA preemptively. Is this
> > really feasible?
> 
> Yes, in some circumstances.
> 1. In many environments where SPNEGO is used (I am thinking corporate
> environments) the user agents are fixed, known and controlled.

I would object to at least this one. Given a realistic example: We have more than
50 domains in our forest with around 1000 DCs or more. Try to find someone who
is responsible for a buggy server who will alter the config for you. Good luck.
