-
Notifications
You must be signed in to change notification settings - Fork 36
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Document HTTP/2 compat #204
Comments
If all streams come from the same user it will be safe, if it is used behind a proxy that may interleave different user requests, then definitely not safe. In general GssapiConnectionBound is really only needed if you are performing NTLMSSP authentication (or another mechanism that performs more than 1 server roundtrip), for krb5 it is not necessary. We use cookies to avoid the need for multiple authentication at each roundtrip. |
The cookies are only available if the client supports them (e.g., browsers). Consider libserf accessing HTTPd, there is no cookie support |
In that case libserf will have to send HTTP auth headers with each
requests, better if it is able to do opportunistic negotiation or it
will go though multiple roundtrips on each request just to deal with
authentication.
|
Alright, libserf does that in all gory details. |
Hey there, I have configured Apache for
Protocols h2 http/1.1
and like to know whether due to multiplexing streams it is still safe to useGssapiConnectionBound
with HTTP/2. Moreover, the docs say "It incurs overhead, so leaving it off is recommended." What overhead? Checking connection notes for a principal is overhead if this gives more performance on persistent connections?The text was updated successfully, but these errors were encountered: