On Thu, 25 Aug 2011, 1983-01-06_at_gmx.net wrote:

> Well, I'd expect then not to state SPNEGO as a working mechanism on the
> frontpage. This is seriously misleading. I'd rather note id somewhere else
> wih a caution.

Perhaps. But really, we have amounts of features and option combinations that
go far beyond what any single person has ever tried or tested, and far too may
of the combinations of options and third party libs and versions are never
tested until users try them out.

If we would only list the features we test in the test suite and have a
reasonable confidence in due to that, we would seriously have to limit what we
say curl can do. I don't think that's a good idea.

I'm not sure if SPNEGO works or not, as I explained. Are you?

Also, older versions should have it working.

> You probably misunderstood me. GSSAPI != SPNEGO. SPNEGO requires GSSAPI for
> KErberos auth and wraps it. Whereas GSSAPI is the underlying mechanism which
> can be used with plan LDAP, IMAP, SMTP and so forth. HTTP is unfortunately
> an exception to the rule. If you want to use GSSAPI only with HTTP your
> server has to request: WWW-Authenticate: Kerberos. Since Kerberos and SPNEGO
> have different OID.

Thanks for the explanation, I wasn't aware of how they were connected.

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ:        http://curl.haxx.se/docs/faq.html
Etiquette:  http://curl.haxx.se/mail/etiquette.html