cURL / Mailing Lists / curl-library / Single Mail

curl-library

How-To use NTLM proxy authentication?

From: Augustus Saunders <augustus.saunders_at_verilogix.net>
Date: Mon, 21 Mar 2005 09:42:24 -0800

I've got one (multi-part) question and a couple of comments. First,
what are the steps involved to get NTLM authentication to work? One of
our clients is using ISA (Microsoft's proxy) and I need to figure this
out. From the docs, I understand that I need an SSL-enabled library, so
I got that set up. Then, you

            err = curl_easy_setopt(m_curl, CURLOPT_PROXYAUTH, CURLAUTH_ANY);

when you detect you need to go through the proxy. My understanding is
that libcurl will talk to the proxy and somehow "figure out" which
authentication method to use if you tell it CURLAUTH_ANY. Do I need to
set up any of the SSL options? I notice that there are several of them,
and it's not clear if libcurl will automatically use the right settings
for NTLM or not.

I don't know much about NTLM authentication, but it is my understanding
that it uses some challenge/response mechanism and that it doesn't
require a username/password. Does libcurl transparently negotiate
this? Right now, I am trapping for 407 responses manually so I can
prompt for username/password (is this still necessary, or have you added
a callback for this in the last few years?). If NTLM authentication is
being used, will libcurl automatically negotiate that such that I never
see the 407, or do I have to do something to invoke the NTLM hat dance?

Oh, and for what it's worth, I compiled the library as HTTP only,
statically, on MSVC. Thanks for any info you can provide-

Augustus

PS A couple of comments: 1) it would be nice if whoever did the MSVC
developer distributions would make a full complement of libraries for
different linking scenarios. I eventually got everything to compile,
but I had to go in and edit the makefiles, which is not comfortable
territory for most MSVC types. 2) I'm guessing this is a bug, but... if
I don't set CURLOPT_WRITEFUNCTION at all, I get lots of sporadic "Error
writing body" errors. I created a callback that does nothing, and
presto, all the errors went away. Seems like this should be the default
behavior.
Received on 2005-03-21