cURL / Mailing Lists / curl-library / Single Mail

curl-library

[ curl-Bugs-1281867 ] SSPI and system account (fwd)

From: Daniel Stenberg <daniel-curl_at_haxx.se>
Date: Thu, 8 Sep 2005 08:11:02 +0200 (CEST)

Hi good friends!

This bug report is about what libcurl should do when using SSPI in "system
context" (Windows only).

I'm not capable of fixing this, or even explaining what it does today or
hardly anything about this! ;-)

Is there anyone who agrees that this is a problem?

If so, is there anyone capable of making a fix along the lines that is
suggested in this report?

-- 
  Commercial curl and libcurl Technical Support: http://haxx.se/curl.html
---------- Forwarded message ----------
Date: Wed, 07 Sep 2005 14:51:03 -0700
From: SourceForge.net <noreply_at_sourceforge.net>
To: noreply_at_sourceforge.net
Subject: [ curl-Bugs-1281867 ] SSPI and system account
Bugs item #1281867, was opened at 2005-09-05 04:27
Message generated for change (Comment added) made by notbremse1
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=1281867&group_id=976
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: http
Group: wrong behaviour
Status: Open
Resolution: None
Priority: 5
Submitted By: Randy (notbremse1)
Assigned to: Daniel Stenberg (bagder)
Summary: SSPI and system account
Initial Comment:
Hi,
I've written a script to download some files via http
using curl and using sspi for authentication.  This
works great as long as it is run under the security
context of a user.
However, when run under the system account context
(i.e. a group policy startup script), it no longer
seems authenticate properly.
Here is an excerpt from the IIS log.
curl --ntlm -u : <url>    (run under user context)
_______________________________________
03:58:24 172.16.1.170 DOMAIN\RandyT W3SVC1 GET
/MS+Office+2000+wSR1/LICENSE.TXT 200 0 HTTP/1.1 6nzq541
curl --ntlm -u : <url>    (run under system context)
_______________________________________
04:00:15 172.16.3.19 - W3SVC1 GET
/MS+Office+2000+wSR1/LICENSE.TXT 401 5 HTTP/1.1 6nzq541
Run under system account context with scripted Internet
Explorer or winhttp 5.1
____________________________________________________
04:00:15 172.16.3.19 DOMAIN\RTTESTSYSTEM$ W3SVC1 GET
/MS+Office+2000+wSR1/LICENSE.TXT 200 0 HTTP/1.1 6nzq541
----------------------------------------------------------------------
>Comment By: Randy (notbremse1)
Date: 2005-09-07 21:51
Message:
Logged In: YES
user_id=1339800
Sorry for the delay getting back to you.
I believe it should use the active directory domain computer
account.
The DOMAIN\RTTESTSYSTEM$ user that is used by
Internet Explorer in the same context is the computer
account in active directory for the system I was testing on.
-Randy
----------------------------------------------------------------------
Comment By: Daniel Stenberg (bagder)
Date: 2005-09-05 08:20
Message:
Logged In: YES
user_id=1110
So what is it supposed to do under "system context" ? I
thought the point would be that it gets the user + password
from the current user, and if there's no user what should it
do/use ?
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100976&aid=1281867&group_id=976

Received on 2005-09-08

This message: [ Message body ]
Next message: Rajneesh: "Port for VxWorks"
Previous message: Alexander Lazic: "Re: curl_multi_fdset alternatives"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]