cURL / Mailing Lists / curl-library / Single Mail

curl-library

krb4 and CURLOPT_KRBLEVEL

From: Steve Holme <steve_holme_at_hotmail.com>
Date: Sat, 15 Nov 2014 15:43:09 +0000

Dear friends,

As some of you are aware krb4 support was dropped from curl and libcurl in
7.33.

However, there have been a few references to this feature left around either
in source code or documentation - some of which I have been cleaning out or
marking as deprecated recently.

There is one that I'm not sure what to do with!!

The curl command line tool supports --krb LEVEL and in its usages sets the
CURLOPT_KRBLEVEL option in libcurl - but only if KRB4 support has been
detected "if(curlinfo->features & CURL_VERSION_KERBEROS4)" in
tool_getparam.c:696.

I have prepared a patch to remove this (see attached), however, from reading
the libcurl code (security.c) and associated comments it seems more of a
generic "Kerberos" option. Does anyone know if it is used for Kerberos 5 at
all?

If so, then should we update the option so that it is enabled when KERBEROS5
support is detected or shall I continue to remove it as planned?

If we remove it, should we tidy up the libcurl code, removing it and marking
CURLOPT_KRBLEVEL as deprecated?

Please note: From what I know this option is only currently used by the FTP
protocol.

Other than removing it, the main reason I ask is... Do I need to support
this as part of the SASL Kerberos 5 work I am doing - either in the SSPI
code that I added in August, or the new GSS-API code that I am currently
working on?

Kind Regards

Steve

Received on 2014-11-15