curl-library
Re: http_negotiate_sspi.c in CURL 7.21.7 doesn't allow to pass user/password
Date: Fri, 27 Jun 2014 22:27:57 +0200
Am 2014-06-27 11:11, schrieb Leonardo Rosati:
> hi,
>
> looking at the source code of http_negotiate-sspi.c the code doesn't use
> the user/password in case they are passed by the user, in practice assuming
> the proxy to authenticate the connection based on if the machine is in the
> domain or not.
> instead the code for ntlm is different: it passes user/password in case
> they are not empty and so user/password are used for authentication
> purposes.
>
> I think the correct behavior is the one for ntlm and therefore the
> negotiate method should be changed.
I don't think so. The intention in both is to have credentials already
present at/after login time. At least for NTLM on Windows and SPNEGO on
all platforms.
Michael
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-06-27