On Mon, 2025-02-17 at 08:11 +0000, Stankov. Yavor wrote: > Hi Oleg, > > Thanks for the quick response. > > I saw that the NTLM scheme is deprecated (but I didn't know that it > is also disabled by default) and as far as I understood it is going > to be completely removed with version 6. Is this right? > > I totally get that it is better to stop using it, but since we have > users of our application which still have to use it, we need to > support it. > > How can I enable it again? >
Same way as any custom auth scheme: 1. register the scheme with the client 2. configure auth scheme preferences to include the new scheme Oleg > Best Regards, > Yavor > > -----Original Message----- > From: Oleg Kalnichevski <ol...@apache.org> > Sent: Friday, February 14, 2025 6:44 PM > To: HttpClient User Discussion <httpclient-users@hc.apache.org> > Subject: Re: NTLM Authentication falls back to Basic in versions < > 5.3 > > On Fri, 2025-02-14 at 11:40 +0000, Stankov. Yavor wrote: > > Hi, > > > > I have an HTTP Client which relies on the Apache HTTP Client. I > > have > > configured it to use NTLM authentication. > > > > My HTTP Client is executing requests against a server which > > requires > > non pre-emptive basic authentication. > > > > With the Apache HTTP Client versions before 5.3, this was working > > well > > and somehow, never mind that NTLM was configured, after receiving > > the > > initial 401 response from the server, the second one was containing > > the appropriate authorization header with basic scheme. > > > > This is not the case after the update to 5.3. Is this expected? > > > > Best Regards, > > Yavor > > Hi Yavor > > We as a project no longer support NTLM authentication scheme. As of > HttpClient version 5.3 it has been deprecated and disabled by > default. > One can still re-enable it if required. However it should likely be > better long term to migrate to TLS/Basic or TLS/Bearer instead. > > Oleg > > --------------------------------------------------------------------- > To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org > For additional commands, e-mail: httpclient-users-h...@hc.apache.org > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org > For additional commands, e-mail: httpclient-users-h...@hc.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org
