These protocols are, unfortunately, still used.

However, the projects I know that use them have not yet moved to 5.x of
httpcomponents.  Other projects I know of that used to use httpcomponents
have since upgraded to different http libraries that supported http 2.0
early on.

The hint that all it takes is a shove from below to convince other projects
to drop NTLM support is, perhaps, not accurate.  Projects that maintain
NTLM support do so because they are tied to legacy systems that use it.
Later improvements, e.g. Kerberos, have also only lightly been supported by
HttpComponents, and only with external configuration, which really limits
its utility.  ManifoldCF, which does much integration with Windows
systems, supports Kerberos but only in the most hacky way, because there
wasn't anything more seamless available.

I would therefore counter-propose that Kerberos become a first-class
replacement to NTLM before NTLM is discontinued.  By first-class, I mean
that it is possible to programmatically set up a Kerberos connection
without an external config file.  Maybe this is now possible; if so please
correct me.

I would love to be able to contribute to this effort, but I fear my day
job's responsibilities are so vast and growing that this will be
impossible.  At best I can maintain the projects I have; new development is
out of the question at the moment.

Karl


On Sat, Nov 20, 2021 at 11:42 AM Oleg Kalnichevski <ol...@apache.org> wrote:

> Folks
>
> Presently NTLM & SPNEGO are stated as supported authentication schemes
> by the project, which is, quite frankly, not the case. There are partial
> implementations in various states of decay contributed some while ago by
> contributors long gone with no one on the project both capable and
> willing to maintain that code and deal with user reported issues.
>
> I think we should drop the pretense and start dealing with the problem.
> If we cannot adequately support those features we should consider
> deprecating and eventually removing them entirely.
>
> As the first step I would like to propose NTLM & SPNEGO be made an opt-
> in feature as of version 5.3. Users would have to explicitly enable
> NTLM & SPNEGO support to make HttpClient engage in an NTLM or SPNEGO
> handshake.
>
> This may encourage people vested in NTLM and SPNEGO to come forth and help
> support those features.
>
> Also, the deprecation or removal of NTLM would enable us to drop
> connection state tracking support and greatly simplify the connection
> management APIs.
>
> Oleg