Greetings All!

I've been asked to do a small project for my workgroup here.
I'm writing a php script that will simulate a user logging into an
application on another server.

My script has to sit on one of our Windows servers (running Windows NT),
which is running IIS with SSL support.
I have had PHP on that server for a while, but just yesterday I upgraded
it to 5.0.4.

I'm now trying to write a basic script to just establish a connection to
this other server and log in.
Now, I know this application expects me to give it a username and
password, so I put the following into my script:

curl_setopt($ch, CURLOPT_HTTPAUTH, "CURLAUTH_NTLM");
curl_setopt($ch, CURLOPT_USERPWD, "<my domain>\<my username>:<my
password>");

As I understand it, this should force curl to use the NTLM
Authentication method.

Now, when I execute my script, here's the request / reply that I get
back (please excuse me for removing some security-sensitive info):

* About to connect() to blah.blah.com port 80
* Connected to blah.blah.com (<IP address>) port 80
* Server auth using Basic with user '<my domain>\<my username>'
> GET /callcenter/start.swe HTTP/1.1
Authorization: Basic V0hRX05UX0RPTUFJTlxEUjQyOTY6QmVhdmlzMUJlYXZpczE=
Host: blah.blah.com
Pragma: no-cache
Accept: */*

< HTTP/1.1 401 Access Denied
< Server: Microsoft-IIS/5.0
< Date: Sun, 29 May 2005 15:27:46 GMT
< WWW-Authenticate: Negotiate
< WWW-Authenticate: NTLM
< Connection: close
< Content-Length: 4431
< Content-Type: text/html
* Closing connection #0

OK, so what's concerning me here is that it looks like curl used "Basic"
authentication and not "NTLM" ??
I'm thinking that may be the reason why I'm getting the "Access Denied"
error?

Now, I googled around and read something about SSL having to be enabled
in order for NTLM to be used.
But most of the pages I found referred to OpenSSL, which apparently runs
on Apache. And we're running IIS here on our server. (I know our server
has SSL running on it too, because I've had to cycle IIS on that box
before... and it restarts the HTTP SSL service when I do that.)

So, I'm wondering if the problem is really related somehow to SSL or if
I'm getting off-track here? I know when we call the app from our
desktops, we don't type in "https://", so perhaps this is not an issue?

By the way, I did install the command line version of curl on the
server... and tried using a command-line-version of my login attempt
commands, but Windows complains about "libssl32.dll" being missing. And
further Googling gave me the impression that this is a part of OpenSSL,
which again, is intended to work with Apache (I think).

Thanks!

David Raasch

CONFIDENTIALITY NOTICE

This message and any included attachments
are from Cerner Corporation and are intended
only for the addressee. The information
contained in this message is confidential and
may constitute inside or non-public information
under international, federal, or state
securities laws. Unauthorized forwarding,
printing, copying, distribution, or use of such
information is strictly prohibited and may be
unlawful. If you are not the addressee, please
promptly delete this message and notify the
sender of the delivery error by e-mail or you
may call Cerner's corporate offices in Kansas
City, Missouri, U.S.A at (+1) (816)221-1024.
---------------------------------------- --
Received on 2005-05-29