> On Wed, 24 Aug 2011, 1983-01-06_at_gmx.net wrote:
>
> > Moreover, I seriously doubt that this will work at all. fbopenssl's
> files
> > are broken. I wonder if anyone was able to compile everything
> successfully.
>
> I'm not aware of any who does!
>
> I've gotten reports and questions about fbopenssl use before. I personally
> have *never* built with it and we don't have any tests that use it! I
> would
> say we have several indications that the current SPNEGO/fbopenssl setup
> isn't
> working as it possibly once did.
>
> I'd welcome further feedback on this if someone has.

Well, I'd expect then not to state SPNEGO as a working mechanism on the frontpage. This is seriously misleading. I'd rather note id somewhere else wih a caution.
 
> > I would rather exclude fbopenssl from cURL support. A new approach
> directly
> > with GSSAPI should be taken. Which definitively works. I would like to
> code
> > that but my C knowledge is so limited that it would take way too long.
> > libneon though has a working implementation.
>
> curl already has such support. See the --with-gssapi option to configure.

I am aware of that and compiled with. You probably misunderstood me. GSSAPI != SPNEGO.
SPNEGO requires GSSAPI for KErberos auth and wraps it. Whereas GSSAPI is the underlying mechanism which can be used with plan LDAP, IMAP, SMTP and so forth.
HTTP is unfortunately an exception to the rule. If you want to use GSSAPI only with HTTP your server has to request:
WWW-Authenticate: Kerberos.
Since Kerberos and SPNEGO have different OID.

Mike

-- 
NEU: FreePhone - 0ct/min Handyspartarif mit Geld-zurück-Garantie!		
Jetzt informieren: http://www.gmx.net/de/go/freephone
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ:        http://curl.haxx.se/docs/faq.html
Etiquette:  http://curl.haxx.se/mail/etiquette.html