W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2009

Re: [#177] Realm required on challenges

From: Henrik Nordstrom <henrik@henriknordstrom.net>
Date: Fri, 17 Jul 2009 04:17:49 +0200
To: Adrien de Croy <adrien@qbik.com>
Cc: Mark Nottingham <mnot@mnot.net>, Robert Collins <robertc@robertcollins.net>, HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <1247797069.25755.249.camel@localhost.localdomain>
tis 2009-07-07 klockan 20:28 +1200 skrev Adrien de Croy:

> I've never seen a browser use the realm for anything other than a label 
> in a dialog box either.

In addition to presenting it to the user I have also seen it be used to
determine which set of cached credentials to use.

Regarding NTLM/Negotiate, the fact that there is no realm returned in
the challenge is a frequent cause to used confusion as they don't relly
know what they are supposed to login to. And with there being some
servers which do switch NTLM protection space depending on the requested
URI it can become quite messy.. As far as I am concerned the lack of
realm in NTLM/Negotiate is just yet another bug in those authentication
schemes.

Regards
Henrik
Received on Friday, 17 July 2009 02:18:38 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:07 GMT