NSURLSession delegate, Kerberos, and NSURLAuthenticationMethodNegotiate
NSURLSession delegate, Kerberos, and NSURLAuthenticationMethodNegotiate
- Subject: NSURLSession delegate, Kerberos, and NSURLAuthenticationMethodNegotiate
- From: Wim Lewis <email@hidden>
- Date: Tue, 08 Dec 2015 12:18:00 -0800
I'm trying to figure out what the right behavior of an NSURLSession delegate is to support Kerberos authentication. In particular, what does it expect of the credential that you give it with NSURLSessionAuthChallengeUseCredential?
A common situation is for a server to want to accept kerberos tickets from users that have them, or passwords from users that don't. The HTTP 4xx response offers both the Negotiate and Basic/Digest auth methods.
The URL subsystem documentation is pretty lacking. Experimentally, what I've found is:
- Returning PerformDefaultHandling allows Kerberos to continue, but if the user isn't using Kerberos, it prevents any other authentication method from being considered.
- Returning RejectProtectionSpace allows password authentication to happen, but prevents kerb auth.
- Returning UseCredential with an arbitrary, garbage-value password credential appears to allow kerb tickets to be used; if I then return RejectProtectionSpace for any callbacks with a previous failure count, then I can get NSURLSession to do the right thing.
But I'm a bit concerned about the dummy credential I'm passing in. Can anyone clarify what NSURLSession does with it? And why doesn't PerformDefaultHandling fall back properly when a user has no kerberos tickets?
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden