On 17/12/2011 3:42 a.m., Henrik Nordström wrote:
fre 2011-12-16 klockan 22:09 +1300 skrev Amos Jeffries:
As Henrik mentioned a few days ago the NTLM and Negotiate auth logics
are pretty much cut-n-paste copies of each other with a bit of symbol
renaming and a slight difference in bugs. The more I abstract the
objects back to a single core auth library with inherited
scheme-specific objects, the more this becomes visible.
Hmm.. wonder what happened with kerberos? Which btw should be identical
to negotiate except for scheme name.
There is a comment in the Negotiate code accepting it as input but
essentially saying "erase on sight, never advertise as a auth scheme".
NTLM = Microsoft NTLMSSP
Kerberos = GSSAPI
Negotiate = Microsoft SPNEGO
SPNEGO is a thin wrapper negotiating the actual auth method. I.e.
normally GSSAPI or NTLM, but also open for additional methods.
I've been wondering whether it would be a good idea to make these two
components libraries inherit from each other one way or another instead
of independently from the abstracted auth core objects.
Yes, abstracting the stateful auth scheme would be beneficial. NTLM and
Negotiate/Kerberos only differ slightly in one of the helper commands.
Regards
Henrik
Thanks. Onto the TODO list with it then.
Amos
