curl-library

Re: PUT with digest auth, sends HEAD #1054859

From: Jamie Lokier <jamie_at_shareable.org>
Date: Fri, 5 Nov 2004 06:52:20 +0000

Daniel Stenberg wrote:
> >But libcurl can copy this behaviour which is presumably the right thing to
> >do for NTLM auth.
>
> Note that David's test logs showed that his IE session used Negotiate
> authentication all the time. While enlightening, it isn't exactly the case
> we were discussing.

The very first request doesn't use Negotiate authentication.

After that they all do, but according to Eric Glass' document,
Negotiate is the same as NTLM (but with a different name), when it's
being used for NTLM authentication.

I think it very likely IE would do exactly the same as David's test
but sending "NTLM" instead of "Negotiate", if the server had offered
only "NTLM" and had not offered "Negotiate".

> However, since it sends the file twice and doesn't forcibly close the
> connection, I can't see why NTLM wouldn't work fine with this as well.

It *does* forcibly close the connection.

Look for the "Connection: close" from the server in the first
response. It's not in the second or third responses.

> Sending the data twice is just so... disturbing! (and it introduces API
> problems to libcurl)

We don't know that the data is fully sent twice.

IE might abort sending when it's read the first 401 response with
"Connection: close" -- this is only possible if the server sends 401
before (or without) reading all the request body. Perhaps it is -
that's why I asked David for more details.

An Ethereal dump of the same transaction with a large file would be
very helpful.

-- Jamie
Received on 2004-11-05