[
https://issues.apache.org/jira/browse/HTTPCLIENT-1491?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Malcolm Smith updated HTTPCLIENT-1491:
--------------------------------------
Description:
I have found when using the org.apache.http.impl.auth.win patch for Kerberos
authentication in our corporate environment the InitializeSecurityContext
*pszTargetName parameter must be set to the service principal name
(http://msdn.microsoft.com/en-us/library/windows/desktop/ms721625(v=vs.85).aspx#_security_service_principal_name_gly)
for the Kerberos handshake to succeed.
This patch allows the service principal name to be provided to the
WindowsNegotiateScheme constructor via the Factory classes.
I am unsure if this is required or correct for NTLM.
For reference the SPN we use is of the form:
HTTP/[email protected]
* "myserver.mycomp.com" is the host name of the server we want to connect to
* "REALM.MYCOMP.COM" is the active directory realm.
was:
I have found when using the org.apache.http.impl.auth.win patch for Kerberos
authentication in our corporate environment the InitializeSecurityContext
*pszTargetName parameter must be set to the service principal name
(http://msdn.microsoft.com/en-us/library/windows/desktop/ms721625(v=vs.85).aspx#_security_service_principal_name_gly)
for the Kerberos handshake to succeed.
This patch allows the service principal name to be provided to the
WindowsNegotiateScheme constructor via the Factory classes.
I am unsure if this is required or correct for NTLM.
> Enable provision of Service Principal Name to InitializeSecurityContext
> ------------------------------------------------------------------------
>
> Key: HTTPCLIENT-1491
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1491
> Project: HttpComponents HttpClient
> Issue Type: Improvement
> Components: HttpClient
> Affects Versions: 4.4 Alpha1
> Environment: Windows 7
> Reporter: Malcolm Smith
> Labels: kerberos, newbie, patch, windows
> Fix For: Future
>
> Attachments: auth.win.patch
>
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> I have found when using the org.apache.http.impl.auth.win patch for Kerberos
> authentication in our corporate environment the InitializeSecurityContext
> *pszTargetName parameter must be set to the service principal name
> (http://msdn.microsoft.com/en-us/library/windows/desktop/ms721625(v=vs.85).aspx#_security_service_principal_name_gly)
> for the Kerberos handshake to succeed.
> This patch allows the service principal name to be provided to the
> WindowsNegotiateScheme constructor via the Factory classes.
> I am unsure if this is required or correct for NTLM.
> For reference the SPN we use is of the form:
> HTTP/[email protected]
> * "myserver.mycomp.com" is the host name of the server we want to connect to
> * "REALM.MYCOMP.COM" is the active directory realm.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
