Hi Daniel,

I have changed one line of the http_ntlm.c code at line 141:
    140 else {
    141 if((ntlm->state >= NTLMSTATE_TYPE1) ||
strstr(conn->allocptr.userpwd,"Authorization:"))
    142 return CURLNTLM_BAD;
    143
    144 ntlm->state = NTLMSTATE_TYPE1; /* we should sent away a type-1
*/
    145 }

In case it is TYPE1 message but in the userpwd buffer already have
Authorization header, it should consider a BAD authentication, so do not
continue loop.

I can not connect to cvs site, so I can not make a cvs diff, sorry about
that.

Thanks,

Xiuping

> -----Original Message-----
> From: Daniel Stenberg [mailto:daniel-curl_at_haxx.se]
> Sent: Monday, February 09, 2004 12:10 AM
> To: libcurl and curl development talk
> Subject: RE: Authentication
>
> On Fri, 6 Feb 2004, Xiuping Hu wrote:
>
> > I have used curl to do NTLM authentication forwarding (SSO). If my
> password
> > Is wrong, the curl will continually send the wrong password to backend
> > server. How we can do if the password is wrong?
>
> Are you using 7.11.0? If not, then try it.
>
> If you still get this problem using 7.11.0, can you please tell us how to
> repeat this problem so that we can work on a fix?
>
> --
> Daniel Stenberg -- http://curl.haxx.se/ -- http://daniel.haxx.se/
> [[ Do not send mails to this email address. They won't reach me. ]]
Received on 2004-02-10