On Fri, 2014-07-11 at 15:50 +0200, Michael Osipov wrote:
>
> In my opinion, we can refer to the HTTP standard which mandates to use
> strongest to weakest auth. So curl would actually need to prioritize
> authentication and try in that order:
>
> Kerberos > Negotiate > Digest > NTLM_WB > NTLM > Basic.
>
> KRB 5 comes before SPNEGO, because it can downgrade to NTLM which is less
> secure. Digest comes before NTLM because, again, less secure and
> proprietary.

Another point of view would be that NTLM_WB comes before Digest. You are focusing on the protocol on the wire, which is too narrow. In the grand scheme of things, automatic authentication with single sign on *has* to be better than making the user pass a password around to curl in cleartext so that it can do the Digest auth for itself.

--
dwmw2

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
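
The two orderings argued for in this thread, as an added example that is not curl's code and not part of either mail: the same 401 response yields a different choice depending on whether NTLM_WB ranks above Digest. The names pick_auth, ORDER_WIRE and ORDER_SSO, the scheme tokens, the credential-source column and the sample challenges are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum { CRED_SSO = 1, CRED_PASSWORD = 2 };   /* where the secret comes from */
enum { KRB, NEGOTIATE, DIGEST, NTLM_WB, NTLM, BASIC, N_METHODS };

/* Method names from the thread. `wire` is the WWW-Authenticate scheme token
   and `needs` the credential source; both are assumptions of this sketch. */
static const struct method { const char *name, *wire; int needs; } METHODS[N_METHODS] = {
    [KRB]     = {"Kerberos", "Kerberos", CRED_SSO}, [NEGOTIATE] = {"Negotiate", "Negotiate", CRED_SSO},
    [DIGEST]  = {"Digest", "Digest", CRED_PASSWORD}, [NTLM] = {"NTLM", "NTLM", CRED_PASSWORD},
    [NTLM_WB] = {"NTLM_WB", "NTLM", CRED_SSO}, [BASIC] = {"Basic", "Basic", CRED_PASSWORD},
};

/* Order proposed in the quoted mail, and the reply's variant. */
static const int ORDER_WIRE[N_METHODS] = {KRB, NEGOTIATE, DIGEST, NTLM_WB, NTLM, BASIC};
static const int ORDER_SSO[N_METHODS]  = {KRB, NEGOTIATE, NTLM_WB, DIGEST, NTLM, BASIC};

/* Constructed sample: the challenges of one 401 response. */
static const char *const SAMPLE[] = {"Digest realm=\"example\"", "NTLM", "Basic realm=\"example\""};

/* Case-insensitive match of a challenge's leading scheme token. */
static int offers(const char *challenge, const char *scheme)
{
    size_t i = 0;
    for (; scheme[i]; i++)
        if (tolower((unsigned char)challenge[i]) != tolower((unsigned char)scheme[i]))
            return 0;
    return challenge[i] == '\0' || challenge[i] == ' ';
}

/* First method in `order` that is offered and whose credential source is available. */
const char *pick_auth(const int *order, const char *const *challenges, size_t n, int have)
{
    for (int i = 0; i < N_METHODS; i++) {
        const struct method *m = &METHODS[order[i]];
        for (size_t c = 0; (have & m->needs) && c < n; c++)
            if (offers(challenges[c], m->wire))
                return m->name;
    }
    return NULL;
}

int main(void)
{
    printf("wire order: %s\n", pick_auth(ORDER_WIRE, SAMPLE, 3, CRED_SSO | CRED_PASSWORD));
    printf("SSO order:  %s\n", pick_auth(ORDER_SSO, SAMPLE, 3, CRED_SSO | CRED_PASSWORD));
    return 0;
}
```

With only a password available both orders fall back to Digest; the orderings diverge only when a single sign-on credential source exists.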