Sebastiaan van Erk wrote:
Hi,

I'm not sure it's supported yet in httpclient-4.1-alpha1, but continuing on my Kerberos quest, I was trying the next phase: Kerberos proxy authentication.

This time I'm requesting a public URL from the target server via a Kerberos-protected Squid proxy. Again I tested this with Firefox, and it works fine. (The final phase, Kerberos proxy AND Kerberos server, also works with Firefox).

However, when I add the following two lines to the Kerberos HTTP client example:

HttpHost proxy = new HttpHost("tunnelproxy.servoy.com", 3128);
httpclient.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY, proxy);

The proxy authentication fails. It tries to authenticate to the service for the target web server instead of for the proxy service, that is, I get the following entry in my kdc.log:

2009-12-11T14:22:12 TGS-REQ [email protected] from IPv4:85.147.225.232 for HTTP/[email protected]

But for the proxy service you need a ticket to HTTP/[email protected].

Is this a setup issue on my side, or is Kerberos proxy auth not yet supported, or is this a bug?

Again I included the wirelog for further details.

Best regards,
Sebastiaan


Sebastiaan

I have some bad news for you. I suspect none of the actual HttpClient committers might be able to help you with Kerberos-related problems. I, for one, have neither time nor inclination to dive into the subject. Kerberos code is fully based on user contributions. You may want to get in touch directly with the contributor of SPNEGO auth scheme [1] and _very politely_ ask him for help. I will happily review and commit patches, but my personal involvement will stop there.

Oleg

[1] http://issues.apache.org/jira/browse/HTTPCLIENT-523
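
The symptom reported in this thread (a TGS-REQ for the target web server's HTTP/ principal when the challenge came from the proxy) can be checked mechanically against kdc.log. The following is an added example, not code from either poster or from HttpClient; the host names, realm, client principal and log lines are constructed, and the SPN is built from the plain host name without DNS canonicalization.

```python
import re

# Line shape taken from the kdc.log entry quoted in the post:
#   <timestamp> TGS-REQ <client> from IPv4:<addr> for <service>
TGS_REQ = re.compile(
    r"^(?P<ts>\S+) TGS-REQ (?P<client>\S+) "
    r"from IPv[46]:(?P<addr>\S+) for (?P<service>\S+)$"
)

def expected_spn(status, target_host, proxy_host, realm):
    """Service principal SPNEGO should request for a challenge.

    A 407 is issued by the proxy, a 401 by the origin server.
    """
    if status == 407:
        host = proxy_host
    elif status == 401:
        host = target_host
    else:
        raise ValueError("not an authentication challenge: %d" % status)
    return "HTTP/%s@%s" % (host.lower(), realm)

def parse_tgs_requests(log_text):
    """Yield one dict per TGS-REQ line; other log lines are skipped."""
    for line in log_text.splitlines():
        m = TGS_REQ.match(line.strip())
        if m:
            yield m.groupdict()

def wrong_service_requests(log_text, client, wanted_spn):
    """TGS-REQs by `client` for an HTTP/ service other than `wanted_spn`."""
    return [r for r in parse_tgs_requests(log_text)
            if r["client"] == client
            and r["service"].startswith("HTTP/")
            and r["service"] != wanted_spn]

# Constructed sample: only the proxy requires Kerberos in this test run.
SAMPLE_LOG = """\
2009-12-11T14:22:10 AS-REQ alice@EXAMPLE.TEST from IPv4:192.0.2.10 for krbtgt/EXAMPLE.TEST@EXAMPLE.TEST
2009-12-11T14:22:12 TGS-REQ alice@EXAMPLE.TEST from IPv4:192.0.2.10 for HTTP/www.example.test@EXAMPLE.TEST
2009-12-11T14:25:40 TGS-REQ alice@EXAMPLE.TEST from IPv4:192.0.2.10 for HTTP/proxy.example.test@EXAMPLE.TEST
"""

if __name__ == "__main__":
    spn = expected_spn(407, "www.example.test", "proxy.example.test", "EXAMPLE.TEST")
    for req in wrong_service_requests(SAMPLE_LOG, "alice@EXAMPLE.TEST", spn):
        print("%s: ticket requested for %s, expected %s" % (req["ts"], req["service"], spn))
```

The check only makes sense for a run in which the proxy is the sole Kerberos-protected hop; once the target server also requires Kerberos, a request for its principal is expected as well.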
