cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: BUG: free statement in http_negotiate.c giving heap error

From: Arunav Sanyal <arunav.sanyal91_at_gmail.com>
Date: Thu, 9 May 2013 11:09:15 +0530

I do understand the problem though. It seems curl behaves as a thin
client(exactly how browsers behave) when it comes to negotiate
authentication. In case of kerberos(one of the mechanisms supported by
negotiate) when a browser authenticates via negotiate, it never sets the
server name. What it does it checks for a server principal
name(equivalently a server name) with HTTP/ as a prefix. SPN's reside on a
third party server called KDC (Key distribution centre), they are
identifiers for services. When any SPN of type HTTP/ is found, the server
uses that as its identifier and authentication is successful. Same thing
happens with curl, since we do not have an option for setting it in
easy_curl_setopt. Nor is it defaulting to anything(to the best of my
knowledge). The only way around I see is that server name needs to be an
extended option. If you agree with my reasoning, I can extend the curl
options for that.

On Thu, May 9, 2013 at 10:03 AM, Arunav Sanyal <arunav.sanyal91_at_gmail.com>wrote:

> I dont have any proposed fixes
>
> --
> Arunav Sanyal
> 4th year undergraduate student
> B.E (Hons) Computer Science
> BITS Pilani K.K Birla Goa Campus
>

-- 
Arunav Sanyal
4th year undergraduate student
B.E (Hons) Computer Science
BITS Pilani K.K Birla Goa Campus

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2013-05-09