On Sun, 29 May 2005, Raasch,David wrote:

(Please use a sensible subject when you post.)

> I'm now trying to write a basic script to just establish a connection to
> this other server and log in. Now, I know this application expects me to
> give it a username and password, so I put the following into my script:
>
> curl_setopt($ch, CURLOPT_HTTPAUTH, "CURLAUTH_NTLM");

Is that really how you are supposed to set that option? I mean with the
quotes?

> * Server auth using Basic with user '<my domain>\<my username>'
> Authorization: Basic V0hRX05UX0RPTUFJTlxEUjQy

I hope you edited that basic string, as otherwise you've now broadcasted your
name and password.

> OK, so what's concerning me here is that it looks like curl used "Basic"
> authentication and not "NTLM" ?? I'm thinking that may be the reason why I'm
> getting the "Access Denied" error?

Very likely, yes.

> Now, I googled around and read something about SSL having to be enabled in
> order for NTLM to be used.

You need to build libcurl to use OpenSSL to have it do NTLM, yes, unless you
enable SSPI support - as then you get NTLM without OpenSSL.

> But most of the pages I found referred to OpenSSL, which apparently runs on
> Apache.

Not at all. OpenSSL is a library for SSL and cryptographic functions. It
doesn't "run" under anything, but there are a vast amount of software that
uses it. Apache (mod_ssl to be precise I think) is one. libcurl is another.

> And we're running IIS here on our server. (I know our server has SSL running
> on it too, because I've had to cycle IIS on that box before... and it
> restarts the HTTP SSL service when I do that.)
>
> So, I'm wondering if the problem is really related somehow to SSL or if I'm
> getting off-track here?

I have no idea. You haven't even told us what libcurl version you're using or
if it supports HTTPS or not...

> I know when we call the app from our desktops, we don't type in "https://",
> so perhaps this is not an issue?

Uh? When you "call the app" you just browse a PHP page on the IIS server,
right? How does that change what PHP/CURL or even libcurl do or don't?

> By the way, I did install the command line version of curl on the server...
> and tried using a command-line-version of my login attempt commands, but
> Windows complains about "libssl32.dll" being missing. And further Googling
> gave me the impression that this is a part of OpenSSL

It is. libcurl requires OpenSSL for HTTPS, unless you build libcurl with
GnuTLS instead which is possible since 7.14.0.

> which again, is intended to work with Apache (I think).

That is your biggest misunderstanding I believe.

-- 
  Commercial curl and libcurl Technical Support: http://haxx.se/curl.html