Network Stack‎ : HTTP authentication

HTTP authentication

As specified in RFC 2617, HTTP supports authentication using the WWW-Authenticate request headers and the Authorization response headers (and the Proxy-Authenticate and Proxy-Authorization headers for proxy authentication).

Supported authentication schemes

Choosing an authentication scheme

Basic: 1
Digest: 2
NTLM: 3
Negotiate: 4

Integrated Authentication

Kerberos SPN generation

Kerberos Credentials Delegation (Forwardable Tickets)

Negotiate external libraries

OSX: libgssapi_krb5.dylib
Linux: libgssapi_krb5.so.2, libgssapi.so.4, libgssapi.so.2, libgssapi.so.1

Remaining work

Support NTLMv2 on Mac and Linux. Our portable NTLM code supports NTLMv1 only.
Support GSSAPI on Windows [for MIT Kerberos for Windows or Heimdal]
Warn about Basic authentication scheme over unencrypted channels.

Questions?

libgssapi

Network Stack‎ : HTTP authentication

Negotiate external libraries