-----Original Message-----
From: Daniel Stenberg
Sent: Wednesday, October 08, 2003 5:00 PM

THANKS for fixing the double-prompting for NTLM!

>> If the actual user-name being used were output in a verbose line,
>> it would probably help. Actually, if both the auth method AND
>> the user-name were output, it might be a really nice touch.

> Indeed a good idea. I'll work on that!

I see that you fixed this, by adding the user-name to the password prompt. I think that's a perfect solution, and it works really nicely... I also see you added a new "* Server auth" info line during --anyauth processing, which also looks great!

I found another problem (or two) with --anyauth.

It works fine now for Response headers like this:
    $ curl -v http://my.url --anyauth -u DOMAIN\\USER
    ...
    < HTTP/1.1 401 Access Denied
    < Server: Microsoft-IIS/5.0
    < Date: Wed, 08 Oct 2003 14:34:03 GMT
    < WWW-Authenticate: Negotiate
    < WWW-Authenticate: NTLM
as long as I've specified a user-name/password.

But, if I leave off the username, I end up with a Segmentation Fault.
The sequence is that request 1 obtains the WWW-AUthenticate response
headers, request 2 begins the NTLM authentication sequence, and request
three looks like this:
    * Ignoring the response-body
    * Connection #0 left intact
    * Issue another request to this URL: 'http://mpweb.fdy.moc.com/sapportal/'
    Segmentation fault (core dumped)
This is on Windows 2000 Professional.

The second problem looks like this:

  $ curl -v http://testweb.fdy.moc.com/__test/sendmail.asp \
    --anyauth -u DOMAIN\\USER
  Enter host password for user 'DOMAIN\USER':
  * About to connect() to testweb.fdy.moc.com:80
  * Connected to testweb.fdy.moc.com (89.2.45.40) port 80
> GET /__test/sendmail.asp HTTP/1.1
  User-Agent: curl/7.10.8-pre4 (i686-pc-cygwin) libcurl/7.10.8-pre4 OpenSSL/0.9.7c zlib/1.1.4
  Host: testweb.fdy.moc.com
  Pragma: no-cache
  Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*

  < HTTP/1.1 401 Access Denied
  < Server: Microsoft-IIS/5.0
  < Date: Mon, 20 Oct 2003 13:05:27 GMT
  < X-Powered-By: ASP.NET
  < WWW-Authenticate: Negotiate
  < WWW-Authenticate: NTLM
  < WWW-Authenticate: Basic realm="testweb.fdy.moc.com"
  < Content-Length: 0
  < Content-Type: text/html
  < Expires: Mon, 20 Oct 2003 13:04:27 GMT
  < Set-Cookie: ASPSESSIONIDCSSCRQQC=CBMHAOOBFNJAMDGHBCFCAIJN; path=/
  < Cache-control: private
  * Connection #0 left intact
  * Closing connection #0

As you can see, no attempt at authentication occurred. The difference between
this example (which fails) and the previous one (that works) is the extra
"WWW-Authenticate: Basic ..." header.

Thanks,
- Kevin

-------------------------------------------------------
This SF.net email sponsored by: Enterprise Linux Forum Conference & Expo
The Event For Linux Datacenter Solutions & Strategies in The Enterprise
Linux in the Boardroom; in the Front Office; & in the Server Room
http://www.enterpriselinuxforum.com
Received on 2003-10-20