cURL / Mailing Lists / curl-library / Single Mail


RE: curl feature request - Negotiate/SPNEGO with CURLOPT_USERPWD

From: Greg Morse <>
Date: Thu, 2 Aug 2007 13:09:28 -0700

SPNEGO only supplements with GSSAPI without GSSAPI there is no reason to compile SPNEGO (maybe configure should check to make sure SPNEGO is only allowed if GSSAPI was also detected). SPNEGO seems to build a response token based on token sent with the WWW-Authenticate: Negotiate header. IIS6 on the initial response just sends WWW-Authenticate: Negotiate and no token which is why my SPNEGO trace messages do not show up.
Would be great to have Negotiate/GSSAPI support building of credentials and not just using the default one (only use this if ':') and should not be too hard but have to master some of GSSAPI :).
All that is needed is a function that does the following:
get_krb5_cred_from_user_pass(char* userdomainname, char* password)
Input: User and domainname(formatted as domain\username or username_at_domain, etc) + Password
Output: Credential file/buffer
Then it could write that to file mytmpfilename and then setenv("KRB5CCNAME", mytmpfilename); before calling gss_init_sec_context. When it cleans up the security context, unlink mytmpfilename.
Learn. Laugh. Share. Reallivemoms is right place!
Received on 2007-08-02