cURL / Mailing Lists / curl-library / Single Mail

curl-library

RE: Failure with --proxy-anyauth on NTLM

From: Steve Holme <steve_holme_at_hotmail.com>
Date: Tue, 3 Apr 2012 12:02:08 +0100

Hi Matteo,

> > My experience is that this very rarely happens and you have to make
> > your software flexible enough that it can be configured to work in the
> > different customer's environments.
>
> I agree, this is the reason I used CURLAUTH_ANY since according to the
> documentation I would expect:
>"This is a convenience macro that sets all bits and thus makes libcurl pick
> any it finds suitable. libcurl will automatically select the one it finds
most
> secure. "

Don't get me wrong... I can understand where you are coming from, but from
libcurl's point of view GSS is the most secure and the server is offering
it, so it picks that ;-) libcurl doesn't know if that particular mechanism
is configured correctly / not working until it actually tries it and even
then it doesn't know the difference between invalid credentials or a
misconfigured server.

> It is not a problem to store a configuration.
> The problem is the user can give me username and password (which I
> store crypted in a config file), however the user does not know what is
> NTLM.

I can understand that your customers may not be technical and thus not
understand what NTLM is but this is a system administrator's / installation
engineer's role to configure the site install correctly. I guess it depends
on how much of a hurry you are in... For quickness I would store
AUTHTYPE=NTLM in the config file ;-)

> I could test all the AUTH protocols, but it seems CURLAUTH_ANY
> should/would do it:
> " libcurl will automatically select the one it finds most secure. "
>
> Does it work? Not for my customer.

Did you find out if the customer is able turn GSS off in ISA server?

> > If this is something you would like to try, I would suggest
> > downloading the libcurl source code and start hacking
>
> Hope I will have the chance.

It will be interesting to see how you get on - please keep us posted.

Kind Regards

Steve

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-04-03