I think we want to support SPNego auth scheme. Isn't not having to go through the NTLMv2 handshake mechanism over and over again good for performance? It looks to me like the Kerberos ticket for the Exchange Web Service expires after 2 or 3 minutes. However, I could be sharing info with the EWS server a dozen or more times over that period. Perhaps I don't quite understand how these two mechanisms interact, and I appreciate any insight you can provide.
-----Original Message----- From: Oleg Kalnichevski [mailto:[email protected]] Sent: Friday, January 18, 2013 5:50 PM To: HttpClient User Discussion Subject: Re: NTLMv2 connection On Fri, 2013-01-18 at 13:43 -0600, Godbey, David J. (HQ-LM020)[DIGITAL MANAGEMENT INC.] wrote: > When I login to my Exchange server via http-client for the first time, I get > the following string out of the http-client to the server log. Subsequent > connections does not get the below warning. All transactions are working > properly. > > My sysops production person has asked if this warning can be suppressed since > we think we understand it, and it is not really a problem. > > My guess is that in the NTLMv2 negotiation, the Exchange server first > requests a Kerberos ticket. If the ticket is unavailable, the server requests > credentials, and this warning is issued by http-client. Do I have this right? > > Is there a way to suppress this warning? > > 2013/01/18 13:32:58:412 CST [WARN] RequestTargetAuthentication - > NEGOTIATE authentication error: No valid credentials provided > (Mechanism level: No valid credentials provided (Mechanism level: > Failed to find any Kerberos tgt)) > > There are two things you could do: (1) Configure the 'org.apache.http.client.protocol.RequestTargetAuthentication' logger to log at ERROR priority only. (2) Disable the SPNego auth scheme altogether by removing it from the registry of supported auth schemes. Oleg --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
