Github user semancik commented on the issue:
https://github.com/apache/httpcomponents-client/pull/66
@michael-o My understading is that it cannot be achieved by Kerberos for
all the cases. E.g. if you need device that is not part of the domain to access
WinRM service. That is often the case for monitoring or management
infrastructure (such as IDM).
Of course we are managing servers with "custom" code via SOAP. That's what
WinRM client is, isn't it?
As for the disagreement: the original NTLM "engine" in HTTP client was
stateless. I guess that it was stateless because it was only partial
implementation done long before Microsoft opened up the specifications. The
implementation was a simple 3-message exchange which was not that hard to
implement in a stateless way. However, CredSSP needs full NTLM implementation
with wrapping (a.k.a. "encryption") capability. Therefore I have implemented
it. In a stateful way, which was quite an obvious choice. But my contribution
was re-engineered to stateless implementation once again. Without any
explanation. That was the point that I have decided that the cooperation won't
work.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
