On Sat, Dec 10, 2016 at 03:52:39PM +0100, Johannes Schindelin wrote: > One of my colleagues offered a legitimate concern: it potentially adds > another round-trip. > > Do you happen to know whether regular HTTPS negotiation will have an extra > round-trip if Kerberos is attempted, but we have to fall back to > interactively prompt for (or use stored) credentials? With Kerberos (using tickets), you have 7 request/response pairs, and an additional round trip for the 100 Continue if your push is larger than http.postBuffer. You only have 6 for Basic using Kerberos. However, libcurl is generally going to be able to figure out whether your Kerberos credentials can be used, so when it falls back to Basic, it does so because it knows you have nothing to use with Negotiate (e.g. you have no ticket), and therefore it doesn't even try. I suppose if I tried to push to a server that offered Negotiate and Basic, but didn't accept my Kerberos credentials, it might fall back in such a way, though. -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | https://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: https://keybase.io/bk2204
Attachment:
signature.asc
Description: PGP signature