Am 2021-11-20 um 19:35 schrieb Oleg Kalnichevski:
On Sat, 2021-11-20 at 12:25 -0500, Karl Wright wrote:
These protocols are, unfortunately, still used.
However, the projects I know that use them have not yet moved to 5.x
of
httpcomponents. Other projects I know of that used to use
httpcomponents
have since upgraded to different http libraries that supported http
2.0
early on.
The hint that all it takes is a shove from below to convince other
projects
to drop NTLM support is, perhaps, not accurate. Projects that
maintain
NTLM support do so because they are tied to legacy systems that use
it.
Later improvements, e.g. Kerberos, have also only lightly been
supported by
HttpComponents, and only with external configuration, which really
limits
its utility. ManifoldCF, which does much integration with windows
systems, supports Kerberos but only in the most hacky way, because
there
wasn't anything more seamless available.
I would therefore counter-propose that Kerberos become a first-class
replacement to NTLM before NTLM is discontinued. By first-class, I
mean
that it is possible to programmatically set up a kerberos connection
without an external config file. Maybe this is now possible; if so
please
correct me.
I would love to be able to contribute to this effort, but I fear my
day
job's responsibilities are so vast and growing that this will be
impossible. At best I can maintain the projects I have; new
development is
out of the question at the moment.
Karl
Hi Karl
I am so happy that you are still keeping an eye on the mailing list and
reacting on NTLM related matters.
I do understand your position. The problem is there are no volunteers
eager to do work on Kerberos support either. We cannot keep on
pretending everything is all right. We need to make downstream projects
aware of the situation and making NTLM, SPNEGO and Kerberos an opt-in
features by default would be the right thing to do in my opinion.
FWIW, I have explicitly configured auth schemes in Wagon to those known
to work (except NTLM): https://issues.apache.org/jira/browse/WAGON-539
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org
