cURL / Mailing Lists / curl-library / Single Mail


[ curl-Bugs-1281867 ] SSPI and system account (fwd)

From: Daniel Stenberg <>
Date: Thu, 8 Sep 2005 08:11:02 +0200 (CEST)

Hi good friends!

This bug report is about what libcurl should do when using SSPI in "system
context" (Windows only).

I'm not capable of fixing this, or even explaining what it does today or
hardly anything about this! ;-)

Is there anyone who agrees that this is a problem?

If so, is there anyone capable of making a fix along the lines that is
suggested in this report?

  Commercial curl and libcurl Technical Support:
---------- Forwarded message ----------
Date: Wed, 07 Sep 2005 14:51:03 -0700
From: <>
Subject: [ curl-Bugs-1281867 ] SSPI and system account
Bugs item #1281867, was opened at 2005-09-05 04:27
Message generated for change (Comment added) made by notbremse1
You can respond by visiting:
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: http
Group: wrong behaviour
Status: Open
Resolution: None
Priority: 5
Submitted By: Randy (notbremse1)
Assigned to: Daniel Stenberg (bagder)
Summary: SSPI and system account
Initial Comment:
I've written a script to download some files via http
using curl and using sspi for authentication.  This
works great as long as it is run under the security
context of a user.
However, when run under the system account context
(i.e. a group policy startup script), it no longer
seems authenticate properly.
Here is an excerpt from the IIS log.
curl --ntlm -u : <url>    (run under user context)
03:58:24 DOMAIN\RandyT W3SVC1 GET
/MS+Office+2000+wSR1/LICENSE.TXT 200 0 HTTP/1.1 6nzq541
curl --ntlm -u : <url>    (run under system context)
04:00:15 - W3SVC1 GET
/MS+Office+2000+wSR1/LICENSE.TXT 401 5 HTTP/1.1 6nzq541
Run under system account context with scripted Internet
Explorer or winhttp 5.1
/MS+Office+2000+wSR1/LICENSE.TXT 200 0 HTTP/1.1 6nzq541
>Comment By: Randy (notbremse1)
Date: 2005-09-07 21:51
Logged In: YES
Sorry for the delay getting back to you.
I believe it should use the active directory domain computer
The DOMAIN\RTTESTSYSTEM$ user that is used by
Internet Explorer in the same context is the computer
account in active directory for the system I was testing on.
Comment By: Daniel Stenberg (bagder)
Date: 2005-09-05 08:20
Logged In: YES
So what is it supposed to do under "system context" ? I
thought the point would be that it gets the user + password
from the current user, and if there's no user what should it
do/use ?
You can respond by visiting:
Received on 2005-09-08