cURL / Mailing Lists / curl-library / Single Mail


Re: problems using negotiate with sspi in 7.21.6

From: David Woodhouse <>
Date: Mon, 16 May 2011 14:37:39 +0100

On Fri, 2011-05-13 at 00:05 +0200, Daniel Stenberg wrote:
> > 3) If Negotiate fails using kerberos, then it should fallback to ntlm, which
> > is not working at all here
> libcurl actually doesn't fall back to another auth. It picks the one auth type
> it thinks is best out of the ones the server offers and if that fails, the
> request fails. Why would it fall back and do another try?

In Windows environments it seems quite common for Kerberos support to be
*claimed* but not actually functional. We need to fall back to NTLM in
that case.

IE and Firefox get this right, I believe, but Chrome does not:

List admin:
Received on 2011-05-16