cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: [PATCH] SF bug #1302: HTTP Auth Negotiate sends Kerberos token instead of SPNEGO token

From: David Woodhouse <dwmw2_at_infradead.org>
Date: Fri, 11 Jul 2014 18:41:45 +0100

On Fri, 2014-07-11 at 19:17 +0200, Michael Osipov wrote:
> I would implement a fallback but provide two options where one should be
> picked sticked to it:
>
> 1. Discover SPNEGO capability at compile time with autoconf. GSS-API
> provides this option:
>
> OM_uint32 major, minor;
> gss_OID_set mech_set;
> major = gss_indicate_mechs(&minor, &mech_set);
>
> and then you can test the for set members with a default function.

That doesn't work if you're cross-compiling. It's best to avoid tests
that you have to *run* at configure time, if we can.

> 2. Use SPNEGO by default and if the GSS-API impl does not support SPNEGO
> it will fail with an GSS error.
>
> Give that this is a corner case and should apply only to a fraction of
> users, I would go for option 2, e.g., your implementation.

Or we could have the known broken cases hard-coded, and allow
--without-spnego at configure time rather than attempting a runtime
check?

> I need access to that code via HTTP. Nothing else works at work but I
> would be happy to try that. Results won't be available before next friday.

Thanks! http://david.woodhou.se/openconnect-6.00.tar.gz

-- 
dwmw2

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html

  • application/x-pkcs7-signature attachment: smime.p7s
Received on 2014-07-11