Somebody on kde-devel suggested that I forward this to kfm-devel.
---------- Forwarded Message ----------
Subject: Negotiate authentication for HTTP
Date: Wednesday 07 July 2004 00:33
From: Karsten Künne
After Mozilla came out with support for negotiate authentication and we try
to deploy it for our internal webservice I couldn't let Konqueror stand in
the dark and be abandoned by our users. So I hacked together a patch for
kioslave/http in order to support negotiate authentication. This patch
fine with apache and mod_auth_kerb-5.0-rc5 and heimdal on the server side.
tested it on a SuSE 9.0 system with KDE 3.2.3 but the diff is against KDE
CVS from yesterday (there aren't many changes in this area between 3.2.3
CVS). I don't know whether I got the autoconf magic right, I'm not an
on that. Also, this implementation will most likely NOT work with IIS and
SPNEGO and it doesn't support mutual authentication as it does not support
multiple roundtrips between client and server. I have no way of testing
against IIS so I can't work on this. But if you're using apache and
mod_auth_kerb-5.0 it should work fine. It also supports multiple
WWW-Authenticate headers, for instance "Negotiate" and "Basic" (this is
our server sends). If "Negotiate" repeatedly fails it falls back to the
lower authentication (in our case "Basic"). This is the behavior we want at
our site. All the changes in http.cc and http.h are ifdef'd with
HAVE_LIBGSSAPI so it should be transparent if this is not defined.
Please have a look and let me know whether this is useful for inclusion
The Psblurtex is an 18-inch long anaconda that hides in the gentlemen's
outfitting departments of Amazonian stores and is often bought by
mistake since its colors are those of the London Reform Club. Once
tied around its victim's neck, it strangles him gently and then claims
the insurance before running off to Germany where it lives in hiding.
-- Mike Harding, "The Armchair Anarchist's Almanac"
We are all worms. But I do believe I am a glowworm.
-- Winston Churchill