Re: "negotiate" auth with fallback to other schemes

From: Henrik Nordström <henrik_at_henriknordstrom.net>
Date: Thu, 25 Feb 2010 20:27:56 +0100

tor 2010-02-25 klockan 11:20 +1300 skrev Amos Jeffries:

> What would be nice is that if the Kerberos libraries received NTLM input
> they should handle it as NTLM instead of immediately rejecting it. When
> that happens the Squid kerberos helper (or an extended one) should be able
> to handle both auth methods without re-challenging.

Negotiate (SPNEGO) is a wrapper around the Windows SSP providers, all of
them, and encapsulates both GSSAPI (Kerberos) and NTLM and a lot more.

Raw Kerberos (GSSAPI) without SPNEGO also exists in Microsoft HTTP in
the form of the Kerberos auth scheme.

This said it should perhaps be mentioned that GSSAPI is also a wrapper,
but without negotiation capabilities.

Regards
Henrik
Received on Thu Feb 25 2010 - 19:28:04 MST

This archive was generated by hypermail 2.2.0 : Fri Feb 26 2010 - 12:00:15 MST