[prev in list] [next in list] [prev in thread] [next in thread]
List: kfm-devel
Subject: Re: Negotiate authentication for HTTP
From: Waldo Bastian <bastian () kde ! org>
Date: 2004-07-12 10:59:47
Message-ID: 200407121259.47280.bastian () kde ! org
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thu July 8 2004 01:41, Karsten Künne wrote:
> After Mozilla came out with support for negotiate authentication and we try
> to deploy it for our internal webservice I couldn't let Konqueror stand in
> the dark and be abandoned by our users. So I hacked together a patch for
> kioslave/http in order to support negotiate authentication.
Great, thanks!
> This patch
> works fine with apache and mod_auth_kerb-5.0-rc5 and heimdal on the server
> side. I tested it on a SuSE 9.0 system with KDE 3.2.3 but the diff is
> against KDE CVS from yesterday (there aren't many changes in this area
> between 3.2.3 and CVS). I don't know whether I got the autoconf magic
> right, I'm not an expert on that. Also, this implementation will most
> likely NOT work with IIS and SPNEGO and it doesn't support mutual
> authentication as it does not support multiple roundtrips between client
> and server. I have no way of testing against IIS so I can't work on this.
> But if you're using apache and mod_auth_kerb-5.0 it should work fine. It
> also supports multiple
> WWW-Authenticate headers, for instance "Negotiate" and "Basic" (this is
> what our server sends). If "Negotiate" repeatedly fails it falls back to
> the next lower authentication (in our case "Basic"). This is the behavior
> we want at our site. All the changes in http.cc and http.h are ifdef'd with
> HAVE_LIBGSSAPI so it should be transparent if this is not defined.
In HTTPProtocol::configAuth you add stuff like:
if ( !b && PrevAuthentication < AUTH_Digest )
why is that needed? Because later on there is this test already:
if ( f == AUTH_None ||
(b && m_iProxyAuthCount > 0 && f < ProxyAuthentication) ||
(!b && m_iWWWAuthCount > 0 && f < Authentication) )
You also #ifdef-out the following lines when HAVE_LIBGSSAPI is found:
else
m_iWWWAuthCount++;
return;
Why is that?
Cheers,
Waldo
- --
bastian@kde.org | KDE Community World Summit 2004 | bastian@suse.com
bastian@kde.org | 21-29 August, Ludwigsburg, Germany | bastian@suse.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQFA8m8jN4pvrENfboIRAlUdAJ9TgBL2I8MEoAKx3wsq9AdyrOMVKACeLXbO
gSV+1YdMmSvr4I2+CRxqAlE=
=+J+h
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic