On 10/10/06, Branko Èibej <brane@xbc.nu> wrote:
> Stefan Küng wrote:
> > default is SSPI disabled:
> > * users can't connect to their repositories, because they have a proxy
> > in between which requires SSPI authentication.
>
> So what happens in the following case:
>
> * there's a proxy between the user and the repo that requires SSPI auth
> * using SSPI with the repo server results in the wrong user ID being
> used
>
> now if we disable SSPI in the second attempt ... won't the proxy
> authentication fail then?
>
> -- Brane
>
Neon 0.26.1 also allows the same new auth API's for proxies, so we
should probably add config options for http_proxy_auth, and maybe we
could do something here as well. But I'm not sure trying to handle
these 'authn works, authz fails' situations dynamically is going to be
practical. Does anyone know of some other app (browser or something)
that handles these kinds of problems well?
It seems to me that if you are using automatic-authn methods and want
to use a different user, then you need to use RunAs or 'su' or
whatever to temporarily tell the OS to switch your user credentials,
don't you? Isn't that the normal way to deal with different users in
automatic-authn environments?
DJ
Received on Thu Oct 12 15:42:44 2006