Negotiate authentication for HTTP

Karsten Künne kuenne at rentec.com
Thu Jul 8 00:41:42 BST 2004


Somebody on kde-devel suggested that I forward this to kfm-devel.

----------  Forwarded Message  ----------

Subject: Negotiate authentication for HTTP
Date: Wednesday 07 July 2004 00:33
From: Karsten Künne <kuenne at rentec.com>
To: kde-devel at mail.kde.org

Hi,

After Mozilla came out with support for negotiate authentication and we try
 to deploy it for our internal webservice I couldn't let Konqueror stand in
 the dark and be abandoned by our users. So I hacked together a patch for
 kioslave/http in order to support negotiate authentication. This patch works
 fine with apache and mod_auth_kerb-5.0-rc5 and heimdal on the server side. I
 tested it on a SuSE 9.0 system with KDE 3.2.3 but the diff is against KDE
 CVS from yesterday (there aren't many changes in this area between 3.2.3 and
 CVS). I don't know whether I got the autoconf magic right, I'm not an expert
 on that. Also, this implementation will most likely NOT work with IIS and
 SPNEGO and it doesn't support mutual authentication as it does not support
 multiple roundtrips between client and server. I have no way of testing
 against IIS so I can't work on this. But if you're using apache and
mod_auth_kerb-5.0 it should work fine. It also supports multiple
WWW-Authenticate headers, for instance "Negotiate" and "Basic" (this is what
our server sends). If "Negotiate" repeatedly fails it falls back to the next
lower authentication (in our case "Basic"). This is the behavior we want at
our site. All the changes in http.cc and http.h are ifdef'd with
HAVE_LIBGSSAPI so it should be transparent if this is not defined.

Please have a look and let me know whether this is useful for inclusion into
kdelibs.


Karsten.
--
The Psblurtex is an 18-inch long anaconda that hides in the gentlemen's
outfitting departments of Amazonian stores and is often bought by
mistake since its colors are those of the London Reform Club.  Once
tied around its victim's neck, it strangles him gently and then claims
the insurance before running off to Germany where it lives in hiding.
		-- Mike Harding, "The Armchair Anarchist's Almanac"

-------------------------------------------------------


Karsten.
-- 
We are all worms.  But I do believe I am a glowworm.
		-- Winston Churchill
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gssapi.diff
Type: text/x-diff
Size: 13034 bytes
Desc: not available
URL: <https://mail.kde.org/mailman/private/kfm-devel/attachments/20040707/7eecb522/attachment.diff>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: signature
URL: <https://mail.kde.org/mailman/private/kfm-devel/attachments/20040707/7eecb522/attachment.sig>


More information about the kfm-devel mailing list