cURL / Mailing Lists / curl-library / Single Mail

curl-library

RE: PATCH: Curl Sanity patch for spnego authentication

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Mon, 30 Sep 2013 08:30:18 +0200 (CEST)

On Wed, 25 Sep 2013, Arunav Sanyal wrote:

> I use MIT Kebreros 1.11. And I can assure you the library does not handle
> SPNEGO token conversion explicitly. Even when I specify different OID.
>
> If you have your own server implementation which directly handles gssapi
> tokens, fbopenssl is no longer required. My use case is curl trying to
> authenticate with Tomcat 7.40.0 which expects SPNEGO token.

Hello Arunav, Kevin, Markus and the rest!

As I'm a GSS rookie and a SPNEGO cluebie, you need to help me out a little bit
more here!

This discussion is certainly useful and something that benefits us all, but I
have a very hard time to figure out which conclusions to draw and how to
proceed here. Can I get your help please?

Can we start with Arunav's specific patch[1] for SPNEGO that I questioned[2],
he said he agreed to my doubts[3] and yet he seems to say the fixes are fine.
I can't make sense of that and I don't fully grasp how SPNEGO works in
combination with the GSS stuff. Can't you have both enabled in a single
libcurl build?

I would really like an opinion and help on this from someone else who knows
more about this area than I do! Is the patch fine to merge? If not, what's the
problem? If it is, won't a combined SPNEGO + GSS build crash and burn?

[1] = http://curl.haxx.se/mail/lib-2013-09/0095.html
[2] = http://curl.haxx.se/mail/lib-2013-09/0112.html
[3] = http://curl.haxx.se/mail/lib-2013-09/0115.html

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2013-09-30