On 2022-11-10 at 06:29, Yibo Liu wrote:
Hi Guys,
I noticed that Microsoft no longer recommends NTLM in applications
since 2010 due to some security vulnerabilities[1]. And a more secure
authentication protocol Kerberos replaced NTLM as the default
authentication tool on Windows 2000 and later releases[2].
My question is why does httpclient still implement NTLM instead of
only providing the most preferred protocol - Kerberos? Are there any
other reasons besides backward compatibility?
[1] https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nlmp/1e846608-4c5f-41f4-8454-1b91af8a755b?redirectedfrom=MSDN
[2] https://techgenix.com/kerberosandwindows2000/

Historical reasons. It will be removed. NTLM always had bad design choices.
M