

Re: PATCH: Curl Sanity patch for spnego authentication

From: Markus Moeller <>
Date: Tue, 24 Sep 2013 22:43:35 +0100

Hi Kevin,

   The spnego implementation with fbopenssl was only added to wrap/unwrap a
gssapi token and make it a spnego token to work with MS servers. This
wrapping/unwrapping is now contained in all the standard Kerberos libraries
(Heimdal/MIT). It was not intended for NTLM.


-----Original Message-----
From: Kevin Swift
Sent: Tuesday, September 24, 2013 10:20 AM
Subject: Re: PATCH: Curl Sanity patch for spnego authentication

Date: Mon, 23 Sep 2013 19:44:18 +0100
From: "Markus Moeller" <>
To: "libcurl development" <>
Subject: Re: PATCH: Curl Sanity patch for spnego authentication
Message-ID: <00A875024B50435F9CD538537169318A_at_Ultrabook1>
Content-Type: text/plain; charset="iso-8859-1"

> I can only repeat that the spnego code has not been needed for more than
> 4 years, as the Kerberos libraries can now handle spnego tokens. Why are
> you still using it?
> Can you show me a case where it is needed?


I have been trying to get SPNEGO working with fallback to NTLM (rather than
using kerberos). Should this work out of the box? To do this I built curl
with fbopenssl and have had to make a few changes to handle the 3-way
protocol for NTLM and change the default gss mech to NTLM. Should I have
started from a different base? For example using the Heimdal library to
handle everything and ignoring the fbopenssl SPNEGO code? BTW it's not yet
working so this is an experiment-in-progress. I'm also planning on trying
the Heimdal library only today.

Apologies if the format of this message is incorrect; I've just subscribed
and had to reply via the digest.
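
Added example, not part of the mail above and not curl or fbopenssl code: a small C classifier that inspects the outer framing of a decoded Negotiate token to tell whether it is already SPNEGO-wrapped, a raw Kerberos GSS-API token, or a raw NTLM message, which is the distinction the thread turns on. The function and sample names are hypothetical, and the sample bytes are constructed, not captured traffic.

```c
#include <stdio.h>
#include <string.h>

enum token_kind { TOK_UNKNOWN, TOK_SPNEGO_INIT, TOK_SPNEGO_RESP, TOK_RAW_KRB5, TOK_RAW_NTLM };
/* DER-encoded mechanism OIDs: tag 0x06, length, value. */
static const unsigned char OID_SPNEGO[] = { 0x06, 0x06, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x02 }; /* 1.3.6.1.5.5.2 */
static const unsigned char OID_KRB5[] = { 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x01, 0x02, 0x02 }; /* 1.2.840.113554.1.2.2 */

/* Constructed sample tokens (not captured traffic), cut off just after the framing. */
static const unsigned char SAMPLE_SPNEGO[] = { 0x60, 0x0a, 0x06, 0x06, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x02, 0xa0, 0x00 };
static const unsigned char SAMPLE_KRB5[] = { 0x60, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x01, 0x02, 0x02, 0x01, 0x00 };
static const unsigned char SAMPLE_NTLM[] = { 'N', 'T', 'L', 'M', 'S', 'S', 'P', 0, 0x01, 0x00, 0x00, 0x00 };

/* Read a DER length at p; return the octets consumed, or 0 if malformed. */
static size_t der_len(const unsigned char *p, size_t avail, size_t *out)
{
  size_t i, n, v = 0;
  if(avail < 1) return 0;
  if(p[0] < 0x80) { *out = p[0]; return 1; }   /* short form */
  n = p[0] & 0x7f;                             /* long form: n length octets follow */
  if(n == 0 || n > sizeof(size_t) || n > avail - 1) return 0;
  for(i = 1; i <= n; i++) v = (v << 8) | p[i];
  *out = v;
  return 1 + n;
}

/* Classify the decoded bytes of an HTTP "Negotiate" token by its outer framing. */
enum token_kind classify_token(const unsigned char *tok, size_t len)
{
  size_t used, body;
  if(len >= 8 && memcmp(tok, "NTLMSSP", 8) == 0) return TOK_RAW_NTLM; /* signature incl. NUL */
  if(len < 2 || (tok[0] != 0x60 && tok[0] != 0xa1)) return TOK_UNKNOWN;
  used = der_len(tok + 1, len - 1, &body);
  if(used == 0 || body > len - 1 - used) return TOK_UNKNOWN;  /* malformed or truncated */
  if(tok[0] == 0xa1) return TOK_SPNEGO_RESP;  /* NegTokenResp, used on later round trips */
  const unsigned char *inner = tok + 1 + used; /* 0x60: initial token, mechanism OID first */
  if(body >= sizeof OID_SPNEGO && !memcmp(inner, OID_SPNEGO, sizeof OID_SPNEGO)) return TOK_SPNEGO_INIT;
  if(body >= sizeof OID_KRB5 && !memcmp(inner, OID_KRB5, sizeof OID_KRB5)) return TOK_RAW_KRB5;
  return TOK_UNKNOWN;
}

int main(void)
{
  printf("%d %d %d %d\n", classify_token(SAMPLE_SPNEGO, sizeof SAMPLE_SPNEGO),
         classify_token(SAMPLE_KRB5, sizeof SAMPLE_KRB5), classify_token(SAMPLE_NTLM, sizeof SAMPLE_NTLM),
         classify_token(SAMPLE_SPNEGO, 5)); /* last call: truncated copy */
  return 0;
}
```

A library with built-in SPNEGO support emits the `TOK_SPNEGO_INIT` form on its own; seeing `TOK_RAW_KRB5` or `TOK_RAW_NTLM` on the wire means no SPNEGO wrapping was applied to that token.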



List admin:

Received on 2013-09-24