curl-library

Re: problems using negotiate with sspi in 7.21.6

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Fri, 13 May 2011 00:05:40 +0200 (CEST)

On Thu, 12 May 2011, Ibraheem wrote:

> I have a couple of questions regarding http negotiate auth using sspi libs.
> (using 7.21.6 of libcurl)

Unfortunately we don't have any test cases for negotiate auth and I personally
have never used it.

Also note that we have an existing bug report with an attached fix that could
be worth checking out:
https://sourceforge.net/tracker/?func=detail&aid=3172608&group_id=976&atid=100976

> 1) In my test environment, it was crashing in http_negotiate_sspi.c due to
> the fact that after the first Curl_output_negotiate, a call to cleanup
> clears the neg_ctx->output_token but not the length of it, which causes
> problems in the next Curl_input_negotiate. So clearing the length of the
> token in cleanup solves it.

Can you provide a patch so that we don't misunderstand?

> 2) In every client-server request, it re-authenticates, is it by design?

No.

> 3) If Negotiate fails using kerberos, then it should fall back to ntlm, which
> is not working at all here.

libcurl actually doesn't fall back to another auth. It picks the one auth type
it thinks is best out of the ones the server offers and if that fails, the
request fails. Why would it fall back and do another try?

-- 
  / daniel.haxx.se

Received on 2011-05-13
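
The failure mode described in point 1 of the quoted report (a cleanup that clears a token pointer but leaves its length behind), shown as an added example that is not part of the original mail and is not libcurl's code. The struct, the length field name and every `demo_` function are hypothetical; only the name `output_token` comes from the mail.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a negotiate context. Only the name output_token
   comes from the mail; the length field name and all functions are assumed. */
struct demo_negctx {
  unsigned char *output_token;
  size_t output_token_length;
};

/* Store a private copy of a token. Returns 0 on success, -1 on failure. */
static int demo_set_token(struct demo_negctx *ctx, const void *tok, size_t len)
{
  unsigned char *copy = malloc(len ? len : 1);
  if(!copy)
    return -1;
  memcpy(copy, tok, len);
  free(ctx->output_token);
  ctx->output_token = copy;
  ctx->output_token_length = len;
  return 0;
}

/* Cleanup as described in the report: buffer released, length left stale. */
static void demo_cleanup_stale(struct demo_negctx *ctx)
{
  free(ctx->output_token);
  ctx->output_token = NULL;
}

/* Cleanup with the reported fix: pointer and length reset together. */
static void demo_cleanup_fixed(struct demo_negctx *ctx)
{
  demo_cleanup_stale(ctx);
  ctx->output_token_length = 0;
}

/* Defensive consumer: returns bytes copied, or -1 if the length claims data
   that has no buffer behind it or the destination is too small. */
static long demo_copy_token(const struct demo_negctx *ctx,
                            unsigned char *out, size_t outlen)
{
  if(ctx->output_token_length && !ctx->output_token)
    return -1; /* stale length after cleanup: refuse instead of reading NULL */
  if(ctx->output_token_length > outlen)
    return -1;
  if(ctx->output_token_length)
    memcpy(out, ctx->output_token, ctx->output_token_length);
  return (long)ctx->output_token_length;
}
```

Resetting pointer and length in the same cleanup keeps the pair consistent; the check in `demo_copy_token` is a second line of defence for callers that cannot rely on that.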