I have a Windows 2003 server set up which is using NTLM authentication (on
IIS 6). I am trying to post a slightly larger than 2K post request to this
server. The request works correctly if I specify --ntlm and does not work
if I specify --anyauth. That is:

curl --ntlm ______

succeeds with the same ____ as

curl --anyauth _____

which hangs.

Using tcpdump I see that the following data is exchanged:

   1. curl sends unauthenticated header (but no post data)
   2. web server responds with 401
   3. curl sends ntlm type 1 packet

at which point it appears that the web server is waiting for the rest of
the post data and curl is waiting for the type 2 reply from the server. I
checked this using telnet in which I sent the first curl header, followed
by the post data, followed by a bogus ntlm response.

I can make the --anyauth request work by adding an "Expect:" header. That is:

curl --anyauth --header "Expect: " _____

works correctly. Having tracked down the problem to this point I realize
that I now getting well out of league for looking at it on my own. Is this
a curl bug or an IIS bug?

Cheers,
Chris.
Received on 2005-02-15