curl-library
RE: [PATCH] SF bug #1302: HTTP Auth Negotiate sends Kerberos token instead of SPNEGO token
Date: Wed, 28 May 2014 09:29:54 +0000
>> I'm sorry but this is not my expert area. SPNEGO and Negotiate aren't
>> the same things, are they? Can't you do Negotiate that isn't SPNEGO?
> Technically, they are but different names for problem areas.
>...
> Further improvement will come here too from me. Clean up code and docs.
There are servers that enforce you to use SPNEGO API which is implemented in fbopenssl, but most of servers will just accept Kerberos authentication for which you should use krb5 library (which also has GSS-API implementation for Kerberos authentication).
I learned this by removing the SPNEGO support during configure phase of libcurl (as I thought this is very old API and no one use it anymore) and after that I got complains about servers that couldn't be connected (authenticated) with my library...
>> After all, I thought the fbopenssl was almost extinct and I guess not
>> many more than a handful of users ever built curl with it.
Count me in this list of users (at least till no server will enforce SPNEGO).
>Unfortunately, I have because there is no other way. I am working on improving libcurl to use GSS-API directly and then we can burry fbopenssl once and for all.
AFAIK, GSS-API is implemented in krb5 library and libcurl use this API (and not Kerberos API), but for servers who enforce support of SPNEGO - you must use SPNEGO API (which the only open-source implementation I know is fbopenssl).
BTW - what is the problem you are coming to fix?
Regards,
Yehezkel Horowitz
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-05-28