On Wed, 2011-08-24 at 07:42 -0400, 1983-01...@gmx.net wrote:
> Are you refering to sole Kerberos or are you just concerned about
> transport encryption? Your statement somewhat irritates me.
> Given that the HTTP traffic cannot be securely wrapped into the GSS
> content and nor the SASL QOP can be
On Wed, 2011-08-24 at 05:52 -0400, Bert Huijben wrote:
> Then somebody added Kerberos support to neon, but the api wasn't
> updated to allow different behavior for the specific implementations.
Kerberos via HTTP negotiate is also insecure when not used over HTTPS.
In HTTP negotiate, the GSSAPI mec
