Hi Everyone,

I'm attempting to use libcurl to connect to a web server that supports
both,
but some clients can't do kerberos.

I'm setting CURLOPT_HTTPAUTH to CURLAUTH_GSSNEGOTIATE | CURLAUTH_NTLM

The behavior I see is that the server sends both Negotiate and NTLM
in WWW-Authenticate header, and then curl sends a negotiate authorization
string and the response debug is shown below

<= recv header: HTTP/1.1 401 Unauthorized
<= recv header: Content-Length: 0
text: Server Microsoft-HTTPAPI/2.0 is not blacklisted
<= recv header: Server: Microsoft-HTTPAPI/2.0
text: Authentication problem. Ignoring this.
<= recv header: WWW-Authenticate: Negotiate oYGGMIGDoAMKAQGhCwYJKoZI
KakUGxJHRVIuQ09SUC5JTlRFTC5DT02qGTAXoAMCAQGhEDAOGwxzeXNfaWJpZnJhbWU=
<= recv header: Date: Sat, 27 Sep 2014 12:15:29 GMT
text: HTTP error before end of send, stop sending
text: Closing connection 1

For this specific test,
I've used an Alias or IP address to make kerberos fail,
the server has a valid SPN, and it is used and works fine when the correct
address is used.
using CURLAUTH_NTLM alone works as well.

Should libcurl fallback to NTLM?
Am I doing something else wrong?

Thanks,
Ren

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-09-27