[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: "Windows Authentication" Was: "Credentials Caching - Security Guy Not Happy" from users list

From: Joe Orton <joe_at_manyfish.co.uk>
Date: 2004-08-28 01:40:52 CEST

On Thu, Aug 26, 2004 at 02:17:06PM -0400, Greg Hudson wrote:
> There exists a standard for performing Kerberos authentication over
> HTTP, and it's implemented by an Apache httpd module as well as some web
> browsers (IE, Mozilla). But neon, our HTTP client library, doesn't
> implement it currently. So one option would be to look into
> implementing this in neon.

neon has had limited support for Negotiate since 0.24.5, the notable
omission is correct handling of multiple-scheme challenges e.g.
Basic+Negotiate - it's improved for 0.25.x. Negotiate can only be used
securely over SSL, which really negates half the benefits, and the neon
code hasn't been tested much against the IIS implementation.


To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sat Aug 28 01:41:18 2004

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.