fre 2011-12-16 klockan 22:09 +1300 skrev Amos Jeffries: > As Henrik mentioned a few days ago the NTLM and Negotiate auth logics > are pretty much cut-n-paste copies of each other with a bit of symbol > renaming and a slight difference in bugs. The more I abstract the > objects back to a single core auth library with inherited > scheme-specific objects, the more this becomes visible.
Hmm.. wonder what happened with kerberos? Which btw should be identical to negotiate except for scheme name. NTLM = Microsoft NTLMSSP Kerberos = GSSAPI Negotiate = Microsoft SPNEGO SPNEGO is a thin wrapper negotiating the actual auth method. I.e. normally GSSAPI or NTLM, but also open for additional methods. > I've been wondering whether it would be a good idea to make these two > components libraries inherit from each other one way or another instead > of independently from the abstracted auth core objects. Yes, abstracting the stateful auth scheme would be beneficial. NTLM and Negotiate/Kerberos only differ slightly in one of the helper commands. Regards Henrik
