PATCH - improvement for Negotiate authentication
Waldo Bastian
bastian at kde.org
Fri Sep 24 11:01:19 BST 2004
On Friday 24 September 2004 01:29, Dawit A. wrote:
> On Thursday 23 September 2004 14:31, Karsten Künne wrote:
> > Regarding HTTP authentication we should have all the bases covered now. A
> > couple things still remain. First, should the order in which kio_http
> > tries authentication methods be configurable? It's currently hardcoded
> > with "NTLM" trumps "Negotiate" which is preferred over "Digest" which is
> > preferred over "Basic". But bothering the user with that stuff might not
> > be a good idea on the other hand because most users probably don't know
> > what this is all about and the current order works well in almost all
> > cases.
>
> IMHO nothing should trump "Digest" if multiple authentication schemes are
> returned by the server. However, if a server sends "Negotiate" and we
> support that mechanism, then we should negotiate with it and use whatever
> it suggests. In the absence of "Negotiate" the order of preference should
> IMHO be kept "Digest", "NTLM" and finally "Basic".
Do I understand correctly that both NTLM and Negotiate allow passwordless
authentication (Or does NTLM still require the user to enter a password)? If
they are passwordless they should be preferred over Digest.
In that case the remaining issue is whether NTLM or Negotiate should be
preferred when both are offered. I guess this depends on which one tends to
work better.
Cheers,
Waldo
--
bastian at kde.org | Wanted: Talented KDE developer | bastian at suse.com
http://www.suse.de/de/company/suse/jobs/suse_pbu/developer_kde.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <https://mail.kde.org/mailman/private/kfm-devel/attachments/20040924/c9d58840/attachment.sig>
More information about the kfm-devel
mailing list