curl-users

Re: Kerberos authentication with --negotiate

From: Brandon Ewing <brandon.ewing_at_warningg.com>
Date: Mon, 4 Feb 2019 09:18:54 -0600

On Sat, Feb 02, 2019 at 10:21:27AM -0500, John Byrne wrote:
> Hi,
>
> The problem is, it only does this second request with the credentials if
> the server keeps the same connection open. The initial request includes a
> "Connection: keep-alive" header, but I'm using Django on the server side,
> and it can't support that option. My server application ignores the
> keep-alive header, but still conforms to the HTTP Negotiate protocol. But
> curl just stops once the connection is closed.
>

I can't reproduce this against my Django installation:
# curl --negotiate -vv -u : http://localhost.localdomain:8002/auth/spnego
* Trying 127.0.1.1...
* TCP_NODELAY set
* Connected to localhost.localdomain (127.0.1.1) port 8002 (#0)
> GET /auth/spnego HTTP/1.1
> Host: localhost.localdomain:8002
> User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1;
> Trident/5.0)
> Accept: */*
> Referer:
>
* HTTP 1.0, assume close after body
< HTTP/1.0 401 Unauthorized
< Date: Mon, 04 Feb 2019 15:11:12 GMT
< Server: WSGIServer/0.1 Python/2.7.15
< Content-Length: 1523
< Expires: Mon, 04 Feb 2019 15:11:11 GMT
< Vary: Cookie
< Cache-Control: no-cache, no-store, must-revalidate, max-age=0
< X-Frame-Options: SAMEORIGIN
< Content-Type: text/html; charset=utf-8
< WWW-Authenticate: Negotiate
<
* Closing connection 0
* Issue another request to this URL:
* 'http://localhost.localdomain:8002/auth/spnego'
* Hostname localhost.localdomain was found in DNS cache
* Trying 127.0.1.1...
* TCP_NODELAY set
* Connected to localhost.localdomain (127.0.1.1) port 8002 (#1)
* Server auth using Negotiate with user ''
> GET /auth/spnego HTTP/1.0
> Host: localhost.localdomain:8002
> Authorization: Negotiate <lots of stuff>

> curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.19.1 Basic ECC
> zlib/1.2.7 libidn/1.28 libssh2/1.4.3
> Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3
> pop3s rtsp scp sftp smtp smtps telnet tftp
> Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz

Perhaps fixed in a later version?
# curl --version
curl 7.58.0 (x86_64-pc-linux-gnu) libcurl/7.58.0 OpenSSL/1.1.0g zlib/1.2.11
libidn2/2.0.4 libpsl/0.19.1 (+libidn2/2.0.4) nghttp2/1.30.0 librtmp/2.3
Release-Date: 2018-01-24
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3
pop3s rtmp rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB
SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL

> -----------------------------------------------------------
> Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
> Etiquette: https://curl.haxx.se/mail/etiquette.html

-- 
Brandon Ewing                                     (brandon.ewing_at_warningg.com)

Received on 2019-02-04