curl-library
RE: Failure with --proxy-anyauth on NTLM
Date: Sat, 31 Mar 2012 19:33:40 +0100
Hi Matteo,
> sorry I am replying to a digest, I hope the email get threaded correctly.
It seems okay with Outlook but I'm not viewing it in threaded view!
However, could I please ask you to not Top Post as per the curl etiquette
guide - Instead integrate your reply as follows:
> Your explanation of the problem fits nicely with what I experienced.
> I am going to ask to the sysadmin of the customer to remove/reorder
> the proxy authentication protocols.
>
> However it is unlikely to happen.
My experience is that this very rarely happens and you have to make your
software flexible enough that it can be configured to work in the different
customer's environments.
> I quite do not get your second suggestion: I am currently using
> PROXY-ANYAUTH because the software goes to different customers
> and I cannot guess the right order of proxy for each customer.
> - Is there a way to tell Libcurl which is the order of the authentication
to use?
Not as far as I am aware... This is something I want to implement for SMTP
but I don't think any of the other protocols do this at present (Although I
could be very wrong here!!).
You can only tell libcurl what authentication mechanisms to use through
curl_easy_setopt(CURLOPT_PROXYAUTH, CURLAUTH_NTLM) for example. The second
parameter is a bitmask of the mechanisms you want to use but it could just
as easy be a single mechanism - Unfortunately though this doesn't specify
the order. I hope I have the correct syntax there as I am having difficulty
accessing the curl website at the moment and can't verify this info for you
:(
If you have a config file / ini file / registry entry for your application I
would recommend an entry that specifies the mechanism that you then pass
onto libcurl through the above call to curl_easy_setopt().
> - Or maybe to test all the authentication before failing? Testing all of:
>
> Proxy-Authenticate: Negotiate
> Proxy-Authenticate: Kerberos
> Proxy-Authenticate: NTLM
I don't believe this is currently possible but others on the list might be
able to confirm it for you. I guess libcurl would have to:
* Try GSS in this example
* If that fails it would then move on and try the next supported mechanism
(Kerberos in this example)
* If that fails then it would move on and try NTLM
* That would then succeed in your scenario so then libcurl would continue
with the URL request
If this is something you would like to try, I would suggest downloading the
libcurl source code and start hacking ;-)
Kind Regards
Steve
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-04-01