curl-and-php
RE: NTLM authentication
Date: Sun, 29 May 2005 13:27:11 -0500
OK, I used the Google search tool on the curl.haxx.se site and kept on
reading away.
Used Google's main search to locate fairly-new copies of libssl32.dll
and libeay32.dll.
Daniel had written a post saying one doesn't really NEED SSL in order to
use NTLM authentication, you just need to have these libraries
installed. So I copied these over to c:\windows\system32.
I'm able to connect now via the command line tool!
However, if I open my browser and call my PHP script on the server, I
still similar output as before. It looks like we're still trying to use
Basic authentication. (Yeah, I cycled IIS and it's still the same
thing.)
Thanks!
-= Dave =-
-----Original Message-----
From: curl-and-php-bounces_at_cool.haxx.se
[mailto:curl-and-php-bounces_at_cool.haxx.se] On Behalf Of Raasch,David
Sent: Sunday, May 29, 2005 12:02 PM
To: curl-and-php_at_cool.haxx.se
Subject: (no subject)
Greetings All!
I've been asked to do a small project for my workgroup here.
I'm writing a php script that will simulate a user logging into an
application on another server.
My script has to sit on one of our Windows servers (running Windows NT),
which is running IIS with SSL support.
I have had PHP on that server for a while, but just yesterday I upgraded
it to 5.0.4.
I'm now trying to write a basic script to just establish a connection to
this other server and log in.
Now, I know this application expects me to give it a username and
password, so I put the following into my script:
curl_setopt($ch, CURLOPT_HTTPAUTH, "CURLAUTH_NTLM"); curl_setopt($ch,
CURLOPT_USERPWD, "<my domain>\<my username>:<my
password>");
As I understand it, this should force curl to use the NTLM
Authentication method.
Now, when I execute my script, here's the request / reply that I get
back (please excuse me for removing some security-sensitive info):
* About to connect() to blah.blah.com port 80
* Connected to blah.blah.com (<IP address>) port 80
* Server auth using Basic with user '<my domain>\<my username>'
> GET /callcenter/start.swe HTTP/1.1
Authorization: Basic V0hRX05UX0RPTUFJTlxEUjQyOTY6QmVhdmlzMUJlYXZpczE=
Host: blah.blah.com
Pragma: no-cache
Accept: */*
< HTTP/1.1 401 Access Denied
< Server: Microsoft-IIS/5.0
< Date: Sun, 29 May 2005 15:27:46 GMT
< WWW-Authenticate: Negotiate
< WWW-Authenticate: NTLM
< Connection: close
< Content-Length: 4431
< Content-Type: text/html
* Closing connection #0
OK, so what's concerning me here is that it looks like curl used "Basic"
authentication and not "NTLM" ??
I'm thinking that may be the reason why I'm getting the "Access Denied"
error?
Now, I googled around and read something about SSL having to be enabled
in order for NTLM to be used.
But most of the pages I found referred to OpenSSL, which apparently runs
on Apache. And we're running IIS here on our server. (I know our server
has SSL running on it too, because I've had to cycle IIS on that box
before... and it restarts the HTTP SSL service when I do that.)
So, I'm wondering if the problem is really related somehow to SSL or if
I'm getting off-track here? I know when we call the app from our
desktops, we don't type in "https://", so perhaps this is not an issue?
By the way, I did install the command line version of curl on the
server... and tried using a command-line-version of my login attempt
commands, but Windows complains about "libssl32.dll" being missing. And
further Googling gave me the impression that this is a part of OpenSSL,
which again, is intended to work with Apache (I think).
Thanks!
David Raasch
CONFIDENTIALITY NOTICE
This message and any included attachments are from Cerner Corporation
and are intended only for the addressee. The information contained in
this message is confidential and may constitute inside or non-public
information under international, federal, or state securities laws.
Unauthorized forwarding, printing, copying, distribution, or use of such
information is strictly prohibited and may be unlawful. If you are not
the addressee, please promptly delete this message and notify the sender
of the delivery error by e-mail or you may call Cerner's corporate
offices in Kansas City, Missouri, U.S.A at (+1) (816)221-1024.
---------------------------------------- --
Received on 2005-05-29