I think so. Thanks! On Thu, 10 Nov 2022 at 7:19 PM, Michael Osipov <micha...@apache.org> wrote:
> Am 2022-11-10 um 06:29 schrieb Yibo Liu: > > Hi Guys, > > > > I noticed that Microsoft no longer recommends NTLM in applications > > since 2010 due to some security vulnerabilities[1]. And a more secure > > authentication protocol Kerberos replaced NTLM as the default > > authentication tool on Windows 2000 and later releases[2]. > > > > My question is why does httpclient still implement NTLM instead of > > only providing the most preferred protocol - Kerberos? Are there any > > other reasons besides backward compatibility? > > > > [1] > https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nlmp/1e846608-4c5f-41f4-8454-1b91af8a755b?redirectedfrom=MSDN > > [2] https://techgenix.com/kerberosandwindows2000/ > > Historical reasons. It will be removed. NTLM always had bad design choices. > > M > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org > For additional commands, e-mail: httpclient-users-h...@hc.apache.org > >