Hi Guys,

I noticed that Microsoft no longer recommends NTLM in applications since 2010 due to some security vulnerabilities [1]. And a more secure authentication protocol, Kerberos, replaced NTLM as the default authentication tool on Windows 2000 and later releases [2].
My question is why does httpclient still implement NTLM instead of only providing the most preferred protocol - Kerberos? Are there any other reasons besides backward compatibility?

[1] https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nlmp/1e846608-4c5f-41f4-8454-1b91af8a755b?redirectedfrom=MSDN
[2] https://techgenix.com/kerberosandwindows2000/

Thanks,
Yibo