Hi Daniel,

The repro is: I have a proxy server in the middle, the request send to the
proxy and through the proxy send to backend server. if the proxy's
username:password and the backend's username:password is different, once the
proxy send the username:passwiord to backend on behalf of the browser, the
curl will keep sending the NTLM for an endless loop.

Like this:

Feb 7 01:56:33 syslog-ng_at_EX local6.debug logserver:
[07/Feb/2004:01:56:33.150234 +0000] 003038 ew 10000046 Debug 2 Unknown
::TRACE:: RAW-RESPONSE - WWW-Authenticate : NTLM
SlRMTVNTUAACAAAABgAGADAAAAAFggEgqh3cN/34Up4AAAAAAAAAAAAAAAA2AAAATgBUADQA
Feb 7 01:56:33 syslog-ng_at_EX local6.debug logserver:
[07/Feb/2004:01:56:33.150237 +0000] 003038 ew 10000046 Debug 2 Unknown
::TRACE:: RAW-RESPONSE - WWW-Authenticate : NTLM
Feb 7 01:56:33 syslog-ng_at_EX local6.debug logserver:
[07/Feb/2004:01:56:33.150240 +0000] 003038 ew 10000046 Debug 2 Unknown
::TRACE:: RAW-RESPONSE - WWW-Authenticate : NTLM
SlRMTVNTUAACAAAABgAGADAAAAAFggEggmfwEQw99TAAAAAAAAAAAAAAAAA2AAAATgBUADQA
Feb 7 01:56:33 syslog-ng_at_EX local6.debug logserver:
[07/Feb/2004:01:56:33.150243 +0000] 003038 ew 10000046 Debug 2 Unknown
::TRACE:: RAW-RESPONSE - WWW-Authenticate : NTLM
Feb 7 01:56:33 syslog-ng_at_EX local6.debug logserver:
[07/Feb/2004:01:56:33.150246 +0000] 003038 ew 10000046 Debug 2 Unknown
::TRACE:: RAW-RESPONSE - WWW-Authenticate : NTLM
SlRMTVNTUAACAAAABgAGADAAAAAFggEg9hUABU6+iwsAAAAAAAAAAAAAAAA2AAAATgBUADQA
Feb 7 01:56:33 syslog-ng_at_EX local6.debug logserver:
[07/Feb/2004:01:56:33.150249 +0000] 003038 ew 10000046 Debug 2 Unknown
::TRACE:: RAW-RESPONSE - WWW-Authenticate : NTLM
Feb 7 01:56:33 syslog-ng_at_EX local6.debug logserver:
[07/Feb/2004:01:56:33.150252 +0000] 003038 ew 10000046 Debug 2 Unknown
::TRACE:: RAW-RESPONSE - WWW-Authenticate : NTLM
SlRMTVNTUAACAAAABgAGADAAAAAFggEgXYGdowMZhO4AAAAAAAAAAAAAAAA2AAAATgBUADQA
Feb 7 01:56:33 syslog-ng_at_EX local6.debug logserver:
[07/Feb/2004:01:56:33.150305 +0000] 003038 ew 10000046 Debug 2 Unknown
::TRACE:: RAW-RESPONSE - WWW-Authenticate : NTLM
Feb 7 01:56:33 syslog-ng_at_EX local6.debug logserver:
[07/Feb/2004:01:56:33.150308 +0000] 003038 ew 10000046 Debug 2 Unknown
::TRACE:: RAW-RESPONSE - WWW-Authenticate : NTLM SlRMTVNTUAACAAAABgAG
 
And for Basic Auth forwarding, it will send three times and then it success,
still not an ideal case.

I have searched the change log after 7.10.8, I have not found any changes
related to NTLM. Could you please take a quick look at this, if this is
fixable in VERY SHORT time?

This is urgent, please help!

Thanks a lot!

Xiuping

> -----Original Message-----
> From: Daniel Stenberg [mailto:daniel-curl_at_haxx.se]
> Sent: Monday, February 09, 2004 12:10 AM
> To: libcurl and curl development talk
> Subject: RE: Authentication
>
> On Fri, 6 Feb 2004, Xiuping Hu wrote:
>
> > I have used curl to do NTLM authentication forwarding (SSO). If my
> password
> > Is wrong, the curl will continually send the wrong password to backend
> > server. How we can do if the password is wrong?
>
> Are you using 7.11.0? If not, then try it.
>
> If you still get this problem using 7.11.0, can you please tell us how to
> repeat this problem so that we can work on a fix?
>
> --
> Daniel Stenberg -- http://curl.haxx.se/ -- http://daniel.haxx.se/
> [[ Do not send mails to this email address. They won't reach me. ]]
Received on 2004-02-09