Hi Mike, > In HEAD I agree that we have better options. Most likely we will need > to extend AuthScheme as you mention to include a flag for > connection/request based authentication.
Exactly > As far as 2.0 goes, I think that testing for NTLM is acceptable for now, > but I think the patch as it is will not handle all cases. In particular > I think NTLM proxy and Basic host will fail. This is because on the > fourth request, when the proxy has authenticated, > authscheme.getSchemeName() will return "BASIC", and the NTLM header will > not be removed. The NTLM headers should only have a lifetime of a > single request, we need some way to remove them every time. We may have > to just explicitly remove any NTLM Proxy-Authentication or > Authentication headers on every request. I agree. I'll try to come up with another try within a few days (most likely tomorrow) Oleg --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
