[ https://issues.apache.org/jira/browse/HTTPCLIENT-1912?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16577349#comment-16577349 ]
Michael Osipov edited comment on HTTPCLIENT-1912 at 8/11/18 10:21 PM: ---------------------------------------------------------------------- I believe that with the client 4.x it is hardly possible to make this right (complete the security context). I started some notes on our wiki: https://wiki.apache.org/HttpComponents/IssueTracking/HTTPCLIENT-1625. Here is the impl: https://github.com/apache/serf/blob/trunk/auth/auth_spnego_gss.c, here the description: https://github.com/apache/serf/blob/trunk/auth/auth_spnego.h and https://github.com/apache/serf/blob/trunk/auth/auth_spnego.c. This is the only open source implemenation I know which does it right, except Chrome and Firefox. If you compile serf from source, you can do {{scons test}} and it will generate {{serf_get}}. It has a detailed debug mode which will show you that is has successfully completed the security context. It works well with IIS, Forefront TMG, HTTPd with mod_auth_gssapi as well as Tomcat with my SPNEGO authenticator. was (Author: michael-o): I believe that with the client 4.x it is hardly possible to make this right (complete the security context). I started some notes on our wiki: https://wiki.apache.org/HttpComponents/IssueTracking/HTTPCLIENT-1625. Here is the impl: https://github.com/apache/serf/blob/trunk/auth/auth_spnego_gss.c, here the description: https://github.com/apache/serf/blob/trunk/auth/auth_spnego.h and https://github.com/apache/serf/blob/trunk/auth/auth_spnego.c. This is the only open source implemenation I know which does it right, except Chrome and Firefox. > AuthSchemes.SPNEGO should be able to specify login conf and krb5 conf as > parameters instead of system properties > ---------------------------------------------------------------------------------------------------------------- > > Key: HTTPCLIENT-1912 > URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1912 > Project: HttpComponents HttpClient > Issue Type: Improvement > Components: HttpClient (classic) > Affects Versions: 4.5.2 > Reporter: Nicholas DiPiazza > Priority: Major > Labels: volunteers-wanted > Fix For: Stuck > > > in order to use spenego > see > [example|https://github.com/jumarko/kerberos-auth-example/blob/master/src/main/java/net/curiousprogrammer/auth/kerberos/example/KerberosAuthExample.java] > you need to specify system properties to specify a custom krb5.conf or > login.conf location. > It would be very useful if these could be given as parameters somehow instead > of system properties, because in our cloud apps use case, sharing these as > system properties at the jvm level is causing conflicts. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org For additional commands, e-mail: dev-h...@hc.apache.org