curl-library
RE: How to set service name for SPNEGO?
Date: Wed, 18 Feb 2015 23:11:04 +0000
On Tue, 17 Feb 2015, Wenlong Dong wrote:
> > * I'd rather support this across all of our mechanisms that use
> > a SPN (such as Socks 5, SPNEGO, Kerberos, Digest) in each of
> > the GSS-API, SSPI and Native implementations
> >
> > * Possibly deprecate CURLOPT_SOCKS5_GSSAPI_SERVICE (I
> > would suggest a new CURLOPT_SERVICE_NAME or
> > CURLOPT_SPN, etc... option with the same value for API
> > compatibility)
> >
> > * The code has also changed quite a bit since v7.36 (The next
> > release will be 7.41)
>
> Steve, thanks a lot for the quick response! Those are great comments.
No problem.
> Let me try to put together a change with what you mentioned.
Sound good - I look forward to seeing your proposed changes.
> In that case CURLOPT_SERVICE_NAME makes more sense. For
> negotiate/Kerberos, we let the libcurl to append the host name
> to generate the SPN as <servicename>/<host>.
Ah - right. Yes - I see your point.
Some more random thoughts from me this evening...
I wouldn't recommend replacing CURLOPT_SOCKS5_GSSAPI_SERVICE with CURLOPT_SERVICE_NAME as Socks 5 is used as a proxy and a curl user / libcurl programmer might want to set both the proxy and the protocol service name. As such I would recommend something like:
* libcurl - replace CURLOPT_SOCKS5_GSSAPI_SERVICE with CURLOPT_PROXY_SERVICE_NAME as it can then be used for HTTP proxy with Kerberos/SPNEGO/Digest and keep CURLOPT_SOCKS5_GSSAPI_SERVICE for backwards API compatibility
* libcurl - add CURLOPT_SERVICE_NAME as new value
* curl - replace --socks5-gssapi-service with --proxy-service-name and add --socks5-gssapi-service as an alias
* curl - add support for --service-name as a new argument
Kind Regards
Steve
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2015-02-19