curl-library
Re: enabling AUTH based on AUTH settings?
Date: Tue, 22 Mar 2005 07:55:40 -0800
On Tue, Mar 22, 2005 at 10:21:44AM +0100, Daniel Stenberg wrote:
> In currrent libcurl, we've always used a given user/password to signal the
> enabling of HTTP authentication (both host and proxy auth).
>
> This is badness since with both SSPI and GSS get their credentials from
> other sources, which means that you need to set a "fake" user+password to
> enable this, and not only set the AUTH type correctly. This is KNOWN_BUGS
> #10.
>
> I want to modify libcurl to use a set auth type to indicate auth is wanted.
>
> Can anyone see a drawback with such slightly changed behaviour?
>
> Some apps might rely on the current way and they would then stop doing auth
> with the new libcurl, but it would be very easy to fix. Also, apps adjusted
> to this news will continue to work with older libcurls if they just make
> sure to set the user+password like now.
It sounds like you want to make this change in a non-backwards-compatible
manner. Why not leave the current method (fake user+password) as an
alternative so current apps don't break? Also, this would be a great time
to introduce a new set of options to set user and password separately
(KNOWN_BUGS #7).
> This is not a very important change so I'm not in a hurry to make this
> happen, but it would make the interface a little cleaner.
>>> Dan
-- http://www.MoveAnnouncer.com The web change of address service Let webmasters know that your web site has movedReceived on 2005-03-22