On 29/01/2015 8:43 a.m., Markus wrote:
Hi Amos,
I never heard about squid Negotiate being non standard. Can you point
me to the reference please ?
The header syntax is defined in RFC 2617
(<http://tools.ietf.org/html/rfc2617#section-3.2.3>)
This RFC is only for "Basic and Digest Access Authentication" isn't it?
It defines
the WWW-Authenticate: and Authorization: headers for the two auth schemes.
Negotiate with NTLM or Kerberos token was defined in
http://www.ietf.org/rfc/rfc4559.txt with
challenge = "Negotiate" auth-data
auth-data = 1#( [gssapi-data] )
So the rfc does not define kv pairs.
Julian Reschke has a new draft out for clarifying the syntax which makes
it plainy obvious as " key=value [ ',' key=value ]* " :
<http://tools.ietf.org/html/draft-reschke-httpauth-auth-info-00>
http://tools.ietf.org/html/rfc7235 tries to define a standard for all
Authentication methods but seems to ignore rfc4559 as it refers only to
rfc2617.
The Reschke draft deals only with a new Authentication-Info header, so has
nothing directly to do with the other rfcs.
... by comparison Squid just dumps "Negotiate " then base64 token into
the header like it was using WWW-/Proxy-Authenticate syntax.
Amos
Regards
Markus
_______________________________________________
squid-dev mailing list
[email protected]
http://lists.squid-cache.org/listinfo/squid-dev
