cURL / Mailing Lists / curl-library / Single Mail


Issue regarding gss-negotiation in libcurl(user password enabling)

From: Arunav Sanyal <>
Date: Wed, 6 Mar 2013 15:26:34 +0530


I work in an organisation which uses libcurl for kerberos authentication to
a tomcat servlet using curl(i.e libcurl is the basis for the client
program, whereas tomcat sevlet is the server)

For this I have built curl with spnego and gss-negotiate support in
windows,(an arduous task, with gssapi, spnego, openssl and fbopenssl one
after the other built) and finally getting it to work by command line.

Right now the issue is that curl always picks up default
credentials(whether i pass username-password or not). This is unacceptable
to the organisation, since we wish to enable non sso(single sign on)
solutions for our clients.

I have identified the affected code. It resided in the init_sec_context
call in http_negotiate.c call. It always uses the default
credentials(GSS_C_NO_CREDENTIAL flag is responsible) in line 245 of my
version(libcurl 7.19.6). I have developed a fix and am currently validating
and testing with my superiors before applying.

My patch is highly prototypical in nature ( right now i plan on setting on
usename password hardcoded). However that is a minor issue. Since I am new
to programming in large projects, I wish to make a contribution upstream
and I do not know the procedure. I have the setup to test my changes. I
appeal to the principal curl developers to direct me regarding this matter

Yours faithfully

Arunav Sanyal
4th year undergraduate student
B.E (Hons) Computer Science
BITS Pilani K.K Birla Goa Campus

List admin:
Received on 2013-03-06