cURL / Mailing Lists / curl-library / Single Mail


Re: problems using negotiate with sspi in 7.21.6 - 0001-fix-negotiate-sspi-problem-with-sequential-requests.patch (0/1)

From: Daniel Stenberg <>
Date: Mon, 16 May 2011 15:25:13 +0200 (CEST)

On Mon, 16 May 2011, Marcel Roelofs wrote:

> Attached you find a patch that fixes the problem (and changes the order of
> some initialization statements to make them appear somewhat more logical,
> now I had to read them back myself).

Thanks, applied now!

>>> 2) In every client-server request, it re-authenticates, is it by design?
> Interesting to see how different browsers deal with this:
> - Chrome and Firefox behave like curl: every subsequent request starts
> afresh, ie. not using any knowledge that a subsequent request may also
> need negotiate authentication
> - IE already adds a Negotiate header if it knows that a particular
> path uses Negotiate authentication. This saves one round trip per
> request.

Right, and that's what libcurl does for other authentication methods. I'm
certainly not a Negotiate expert but I figure curl should be able to do this.

> NTLM remembers that a connection is already authenticated, and apparently
> doesn't need any additional authentication for subsequent requests on the
> same connection.

Correct. NTLM is an abonination and violates fundamental HTTP principles. Yet
it continues to exist and be used...

List admin:
Received on 2011-05-16