Re: NTLM state in connections is too strict?
Date: Fri, 4 Jan 2013 19:41:32 +0100
Joe Mason <jmason_at_rim.com> wrote:
> Really the only thing curl needs to do with the "connection-oriented" NTLM is ensure that the 3-step NTLM handshake messages are all sent on the same connection, and ensure that when a request with credentials is assigned to a connection it is never assigned to one that is NTLM-authenticated with different credentials. (And ideally, it should be assigned to one that is NTLM-authenticated with the SAME credentials, for performance.) I don't think curl should be making decisions about whether NTLM authentication on a connection is allowed. The server's idea of state should be considered definitive.
I agree that mindlessly reacting to NTLM authentication tokens
without bothering with checking whether or not the connection is
theoretically already past that point is less likely to cause
problems in the real world.
- application/pgp-signature attachment: signature.asc