curl-library
RE: [PATCH] SF bug #1302: HTTP Auth Negotiate sends Kerberos token instead of SPNEGO token
Date: Sun, 13 Jul 2014 19:36:48 +0100
On Sun, 13 Jul 2014, Michael Osipov wrote:
> > On a side note, we are currently missing support for the GSSAPI
> > mechanism and Winbind NTLM implementation in the email
> > protocols.
>
> Are you implementing SASL your self for curl or do you use
> CyrusSASL? I know that Windows has a native SASL impl but that
> seems to be available on Windows Server only.
We currently have native support for the following SASL authentication mechanisms:
CRAM-MD5, DIGEST-MD5, LOGIN, NTLM and PLAIN with support for extensions such as OAUTH2.
This could be extended to include the HTTP authentication mechanisms as well and turn our SASL module into a more generic authentication layer that includes both SASL and HTTP mechanisms.
I don't know enough about CyrusSASL at the moment but that was one of the third-party libraries I was thinking of that we could integrate with - if we wanted to.
> > * Support both of these in the email protocols and any other
> > protocols that can use authentication (For example I want to look
> > at ldap in more detail afterwards)
> > * Simplify the NTLM code as both native and SSPI is intermingled
> > making it difficult to follow
> > * Support third party sasl/authentication modules with relative
> > ease
>
> More than that. I could be completely decoupled from HTTP and
> used for any GSS/SSPI-based service, like HTTP, FTP, SMTP, IMAP,
> etc. The low-end impl is always the same.
Indeed - this is roughly what I had in mind and what I've started to do with curl_sasl.c and curl_sasl_sspi.c as they are shared by the three email protocols ;-)
Kind Regards
Steve
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-07-13