cURL / Mailing Lists / curl-library / Single Mail


Re: problems using negotiate with sspi in 7.21.6

From: Daniel Stenberg <>
Date: Fri, 13 May 2011 00:05:40 +0200 (CEST)

On Thu, 12 May 2011, Ibraheem wrote:

> I have a couple of questions regarding http negotiate auth using sspi libs.
> (using 7.21.6 of libcurl)

Unfortunately we don't have any test cases for negotiate auth and I personally
have never used it.

Also note that we have an existing bug report with an attached fix that could
be worth checking out:

> 1) In my test environment, it was crashing in http_negotiate_sspi.c due to
> the  fact that after the first Curl_output_negotiate , a call to cleanup
> clears the  neg_ctx->output_token but not the length of it, which causes
> problems in the  next Curl_input_negotiate. So clearing the length of the
> token in cleanup  solves it.

Can you provide a patch so that we don't misunderstand?

> 2) In every client-server request, it re-authenticates, is it by design?


> 3) If Negotiate fails using kerberos, then it should fallback to ntlm, which
> is not working at all here

libcurl actually doesn't fall back to another auth. It picks the one auth type
it thinks is best out of the ones the server offers and if that fails, the
request fails. Why would it fall back and do another try?


List admin:
Received on 2011-05-13