On Sat, 2021-11-20 at 12:25 -0500, Karl Wright wrote: > These protocols are, unfortunately, still used. > > However, the projects I know that use them have not yet moved to 5.x > of > httpcomponents. Other projects I know of that used to use > httpcomponents > have since upgraded to different http libraries that supported http > 2.0 > early on. > > The hint that all it takes is a shove from below to convince other > projects > to drop NTLM support is, perhaps, not accurate. Projects that > maintain > NTLM support do so because they are tied to legacy systems that use > it. > Later improvements, e.g. Kerberos, have also only lightly been > supported by > HttpComponents, and only with external configuration, which really > limits > its utility. ManifoldCF, which does much integration with windows > systems, supports Kerberos but only in the most hacky way, because > there > wasn't anything more seamless available. > > I would therefore counter-propose that Kerberos become a first-class > replacement to NTLM before NTLM is discontinued. By first-class, I > mean > that it is possible to programmatically set up a kerberos connection > without an external config file. Maybe this is now possible; if so > please > correct me. > > I would love to be able to contribute to this effort, but I fear my > day > job's responsibilities are so vast and growing that this will be > impossible. At best I can maintain the projects I have; new > development is > out of the question at the moment. > > Karl >
Hi Karl I am so happy that you are still keeping an eye on the mailing list and reacting on NTLM related matters. I do understand your position. The problem is there are no volunteers eager to do work on Kerberos support either. We cannot keep on pretending everything is all right. We need to make downstream projects aware of the situation and making NTLM, SPNEGO and Kerberos an opt-in features by default would be the right thing to do in my opinion. Oleg --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
