Re: [#177] Realm required on challenges

tis 2009-07-07 klockan 20:28 +1200 skrev Adrien de Croy:

> I've never seen a browser use the realm for anything other than a label 
> in a dialog box either.

In addition to presenting it to the user I have also seen it be used to
determine which set of cached credentials to use.

Regarding NTLM/Negotiate, the fact that there is no realm returned in
the challenge is a frequent cause to used confusion as they don't relly
know what they are supposed to login to. And with there being some
servers which do switch NTLM protection space depending on the requested
URI it can become quite messy.. As far as I am concerned the lack of
realm in NTLM/Negotiate is just yet another bug in those authentication
schemes.

Regards
Henrik

Received on Friday, 17 July 2009 02:18:38 UTC