On Thu, Feb 23, 2006 at 05:00:02PM -0800, Patrick Ryan wrote: > On Fri, Feb 24, 2006 at 12:09:23AM +0000, Joe Orton wrote: > > That looks fine, but you have to check out over SSL to use Negotiate - > > neon will refuse to use Negotiate over an unsecured channel. > > Why permit plain-text but not Negotiate over regular http? Is it a > compatibility issue?
No, just that there's no expectation of security with Basic authentication. If Negotiate was used over plain HTTP any MITM can effectively assume your Kerberos credentials after the initial exchange takes place. joe _______________________________________________ neon mailing list [email protected] http://mailman.webdav.org/mailman/listinfo/neon
