curl-library
RE: Failure with --proxy-anyauth on NTLM
Date: Tue, 03 Apr 2012 12:21:20 +0200
Hi Steve,
Still on the PROXYAUTH.
> My experience is that this very rarely happens and you have to make your
> software flexible enough that it can be configured to work in the different
> customer's environments.
I agree, this is the reason I used CURLAUTH_ANY since according to the
documentation I would expect:
"This is a convenience macro that sets all bits and thus makes libcurl
pick any it finds suitable. libcurl will automatically select the one it
finds most secure. "
>> I quite do not get your second suggestion: I am currently using
>> PROXY-ANYAUTH because the software goes to different customers
>> and I cannot guess the right order of proxy for each customer.
>> - Is there a way to tell Libcurl which is the order of the authentication
> to use?
>
> Not as far as I am aware... This is something I want to implement for SMTP
> but I don't think any of the other protocols do this at present (Although I
> could be very wrong here!!).
>
> You can only tell libcurl what authentication mechanisms to use through
> curl_easy_setopt(CURLOPT_PROXYAUTH, CURLAUTH_NTLM) for example. The second
> parameter is a bitmask of the mechanisms you want to use but it could just
> as easy be a single mechanism - Unfortunately though this doesn't specify
> the order. I hope I have the correct syntax there as I am having difficulty
> accessing the curl website at the moment and can't verify this info for you
>
>
> If you have a config file / ini file / registry entry for your application I
> would recommend an entry that specifies the mechanism that you then pass
> onto libcurl through the above call to curl_easy_setopt().
It is not a problem to store a configuration.
The problem is the user can give me username and password (which I store
crypted in a config file), however the user does not know what is NTLM..
I could test all the AUTH protocols, but it seems CURLAUTH_ANY
should/would do it:
" libcurl will automatically select the one it finds most secure. "
Does it work? Not for my customer.
>> - Or maybe to test all the authentication before failing? Testing all of:
>>
>> Proxy-Authenticate: Negotiate
>> Proxy-Authenticate: Kerberos
>> Proxy-Authenticate: NTLM
> I don't believe this is currently possible but others on the list might be
> able to confirm it for you. I guess libcurl would have to:
>
> * Try GSS in this example
> * If that fails it would then move on and try the next supported mechanism
> (Kerberos in this example)
> * If that fails then it would move on and try NTLM
> * That would then succeed in your scenario so then libcurl would continue
> with the URL request
>
> If this is something you would like to try, I would suggest downloading the
> libcurl source code and start hacking
Hope I will have the chance.
Kind regards,
Matteo
>
> Kind Regards
>
> Steve
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-04-03