cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: [PATCH] SF bug #1302: HTTP Auth Negotiate sends Kerberos token instead of SPNEGO token

From: Michael Osipov <1983-01-06_at_gmx.net>
Date: Wed, 28 May 2014 08:26:04 +0200

Am 2014-05-27 23:55, schrieb Daniel Stenberg:
> On Mon, 26 May 2014, Michael Osipov wrote:
>
>> Due to missing #ifdefs, curl tries to perform SPNEGO auth even if it
>> has been compiled w/o fbopenssl SPNEGO library. Now, Negotiate works,
>> if and only if, SPNEGO support has bin compiled in, requiring GSS-API
>> is present and enabled --with-gssapi.
>
> I'm sorry but this is not my expert area. SPNEGO and Negotiate aren't
> the same things, are they? Can't you do Negotiate that isn't SPNEGO?

SPNEGO is the official name from RFC, Negotiate auth is used in HTTP
which is always performed by SPNEGO, so if you request

1. HTTP SPNEGO => Negotiate
2. SASL SPNEGO => GSS-SPNEGO

Technically, they are but different names for problem areas.

Further improvement will come here too from me. Clean up code and docs.

> After all, I thought the fbopenssl was almost extinct and I guess not
> many more than a handful of users ever built curl with it.

Unfortunately, I have because there is no other way. I am working on
improving libcurl to use GSS-API directly and then we can burry
fbopenssl once and for all.

Michael

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-05-28