On Fri, Feb 24, 2006 at 01:28:16AM +0000, Joe Orton wrote: > On Thu, Feb 23, 2006 at 05:00:02PM -0800, Patrick Ryan wrote: > > Why permit plain-text but not Negotiate over regular http? Is it a > > compatibility issue? > > No, just that there's no expectation of security with Basic > authentication. If Negotiate was used over plain HTTP any MITM can > effectively assume your Kerberos credentials after the initial exchange > takes place.
Ahh, gotcha. Thanks, Patrick _______________________________________________ neon mailing list [email protected] http://mailman.webdav.org/mailman/listinfo/neon
