[
https://issues.apache.org/jira/browse/HTTPCLIENT-1834?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15932520#comment-15932520
]
Oleg Kalnichevski commented on HTTPCLIENT-1834:
-----------------------------------------------
bq. however, where the wrong scheme might be chosen because both NTLMScheme and
CredSspScheme use the same type of credentials
Authentication schemes get picked based on challenges contained in the response
message (and auth scheme priority defined by the user). It is perfectly safe
for different schemes to make use of the same credentials.
bq. I don't think it is harmful to leave the dot suffix stripping in here but I
wanted to let you know about this, since it is possible that the CredSsp class
might not work properly if NTCredentials does this manipulation on user and
domain before CredSsp has a crack at it. I suspect you're going to need to roll
out whatever change was made to NTCredentials in the 5.0 branch.
This is way above my rudimentary understanding of NTLM and CredSpp schemes. All
I know is that change was made due to HTTPCLIENT-1662. I am not sure I
understand what needs to be done here.
Oleg
> Clean up NTLM implementation and add CredSsp support
> ----------------------------------------------------
>
> Key: HTTPCLIENT-1834
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1834
> Project: HttpComponents HttpClient
> Issue Type: Improvement
> Reporter: Karl Wright
> Assignee: Karl Wright
> Fix For: 4.5.4, 4.6 Alpha1, 5.0 Alpha2
>
>
> The NTLM implementation has some oddities that we need to fix (flag handling,
> for instance), and we also have a contribution of a CredSsp implementation on
> top of that (github pull request 66).
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
