cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: RE: [PATCH] SF bug #1302: HTTP Auth Negotiate sends Kerberos token instead of SPNEGO token

From: Michael-O <1983-01-06_at_gmx.net>
Date: Wed, 28 May 2014 11:54:47 +0200

Forgot to add:

> Gesendet: Mittwoch, 28. Mai 2014 um 11:29 Uhr
> Von: "Yehezkel Horowitz" <horowity_at_checkpoint.com>
> An: "libcurl development" <curl-library_at_cool.haxx.se>
> Betreff: RE: [PATCH] SF bug #1302: HTTP Auth Negotiate sends Kerberos token instead of SPNEGO token
>
> >> I'm sorry but this is not my expert area. SPNEGO and Negotiate aren't
> >> the same things, are they? Can't you do Negotiate that isn't SPNEGO?
> > Technically, they are but different names for problem areas.
> >...
> > Further improvement will come here too from me. Clean up code and docs.
>
> There are servers that enforce you to use SPNEGO API which is implemented in fbopenssl, but most of servers will just accept Kerberos authentication for which you should use krb5 library (which also has GSS-API implementation for Kerberos authentication).
>
> I learned this by removing the SPNEGO support during configure phase of libcurl (as I thought this is very old API and no one use it anymore) and after that I got complains about servers that couldn't be connected (authenticated) with my library...

and that is actually the bug. Curl sends somehing not requested to do.
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-05-28