Client development for HTTP Negotiate
Petr Spacek
pspacek at redhat.com
Fri Mar 1 03:58:15 EST 2013
On 28.2.2013 19:39, Nico Williams wrote:
> On Thu, Feb 28, 2013 at 11:30 AM, Russ Allbery <rra at stanford.edu> wrote:
>> Nico Williams <nico at cryptonector.com> writes:
>>> You basically have to initialize a new security context for every HTTP
>>> request. This sucks. You can avoid this only by creating a "session".
>>> Traditionally that means "use cookies". Or you could implement one of
>>> several proposals for "session continuation" based on session IDs and
>>> per-request/response MACs binding requests/responses to sessions.
One example how this problem can be solved is described at
https://www.redhat.com/archives/freeipa-devel/2011-December/msg00329.html
The link above contains very detailed description how this problem was solved
in FreeIPA project.
--
Petr^2 Spacek
More information about the krbdev
mailing list