cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: problems using negotiate with sspi in 7.21.6

From: David Woodhouse <dwmw2_at_infradead.org>
Date: Mon, 16 May 2011 14:37:39 +0100

On Fri, 2011-05-13 at 00:05 +0200, Daniel Stenberg wrote:
> > 3) If Negotiate fails using kerberos, then it should fallback to ntlm, which
> > is not working at all here
>
> libcurl actually doesn't fall back to another auth. It picks the one auth type
> it thinks is best out of the ones the server offers and if that fails, the
> request fails. Why would it fall back and do another try?

In Windows environments it seems quite common for Kerberos support to be
*claimed* but not actually functional. We need to fall back to NTLM in
that case.

IE and Firefox get this right, I believe, but Chrome does not:
http://code.google.com/p/chromium/issues/detail?id=82646

-- 
dwmw2
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html

Received on 2011-05-16

This message: [ Message body ]
Next message: Jon Griffiths: "[PATCH] Use Correct A/W function for Win32 calls"
Previous message: Daniel Stenberg: "Re: problems using negotiate with sspi in 7.21.6 - 0001-fix-negotiate-sspi-problem-with-sequential-requests.patch (0/1)"
In reply to: Daniel Stenberg: "Re: problems using negotiate with sspi in 7.21.6"
Next in thread: Daniel Stenberg: "Re: problems using negotiate with sspi in 7.21.6"
Reply: Daniel Stenberg: "Re: problems using negotiate with sspi in 7.21.6"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]