Client development for HTTP Negotiate

Petr Spacek pspacek at
Fri Mar 1 03:58:15 EST 2013

On 28.2.2013 19:39, Nico Williams wrote:
> On Thu, Feb 28, 2013 at 11:30 AM, Russ Allbery <rra at> wrote:
>> Nico Williams <nico at> writes:
>>> You basically have to initialize a new security context for every HTTP
>>> request.  This sucks.  You can avoid this only by creating a "session".
>>> Traditionally that means "use cookies".  Or you could implement one of
>>> several proposals for "session continuation" based on session IDs and
>>> per-request/response MACs binding requests/responses to sessions.

One example how this problem can be solved is described at

The link above contains very detailed description how this problem was solved 
in FreeIPA project.

Petr^2 Spacek

More information about the krbdev mailing list