cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Kerberos v5 FTP?

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Tue, 26 Jun 2007 23:42:52 +0200 (CEST)

On Tue, 26 Jun 2007, Thomas J. Moore wrote:

> OK, I've just come back from 4 days away from this, and decided to make a
> few quick changes this morning to have it use the same options as the krb4
> support did. That way, anything using libcurl that supported turning on
> krb4 should work without modifications using krb5 (assuming the newer
> libcurl + gssapi support, and assuming it doesn't check for the krb4
> feature).

Great!

We should make sure the old command line option still works though and not
simply rename it to the new. That is easily made by simply accepting --krb4 as
well as --krb.

> Well, most Linux distributions come with a fairly easy to install kerberos
> server & associated FTP server. How is the kerberos5/gssapi HTTP stuff
> being tested?

It isn't tested in any kind of test suite, only live by users (and I have no
idea how widespread the usage of those features is).

The only minor problems I have with your patch are:

1) it unconditionally makes name resolving use AI_CANONNAME to getaddrinfo()
    which will add unnecessary reverse lookups to libcurl resolves that have
    no need for them - I would rather like to see that bit get switched on
    dynamicly only when that data is actually needed.

2) + /* FIXME: need to free this eventually */
    + ai->ai_canonname = strdup(he->h_name);

    ... this sounds and looks like a memory leak to me!

-- 
  Commercial curl and libcurl Technical Support: http://haxx.se/curl.html
Received on 2007-06-27