cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: AW: Problem with NEGOTIATE-Proxy-Authentication and not reusing underlying TCP-Connections

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Wed, 22 Oct 2014 00:30:47 +0200 (CEST)

On Mon, 13 Oct 2014, Stefan Bühler wrote:

> Summary: the "Proxy-Authorization" header is (almost) never reset, and the
> proxy doesn't like the header (for POST) after the authentication.

Proxy-Authorization is meant to be repeated in every request since
authentication is per request, not per connection. That's just how HTTP is
designed and documented.

This description of yours makes it sound to me as if this Negotiate is really
NTLM behind the curtains, and googling for SPNEGO shows explanations filled
with NTLM all over.

Should Negotiate be treated more like NTLM rather than the "proper" auth
methods?

I rather not just glue in some "hackish" fix now when we don't even understand
the auth protocol properly, nor do we have any tests to make sure old stuff
keep working or that this won't regress in the future.

-- 
  / daniel.haxx.se

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-10-22