cURL / Mailing Lists / curl-users / Single Mail


Re: how to use --proxy-negotiate, exactly?

From: Daniel Stenberg <>
Date: Sun, 1 Mar 2009 12:50:19 +0100 (CET)

On Sun, 1 Mar 2009, Brian J. Murrell wrote:

>> auth="GSS-Negotiate";
> Any reason you init this with GSS-Negotiate and not just Negotiate?

Because I had to pick one!

> The difference observed here that with GSS-Negotiate the service name is
> KHTTP_at_server and with Negotiate, it's HTTP_at_server. The latter is correct
> for my usage.

Right, so now we know why the code needs a round-trip to know exactly how to
behave. Possibly it could try both HTTP@ and KHTTP@ so it would work for both
cases. But the code is also sprinkled with logic dependent on HAVE_SPNEGO.

Ideally we'd have someone with access/use for all three kinds as then there
would be the least risk for breakage. But I doubt there's anyone like that
here right now...

> I've actually not yet understood the subtle difference between Negotiate
> and GSS-Negotiate TBH.

Me neither.

> There does seem to be one, yet there is only a single CURLAUTH_* definition
> (and a single command line option to request it) covering both of them, even
> though there does seem to be a subtle difference between how the two
> operate.

They are covered with a single bit just because we've gotten away with that so
far, and we've seen no reason to introduce two separate ones.

List admin:
Received on 2009-03-01