cURL / Mailing Lists / curl-library / Single Mail

curl-library

FW: curl feature request

From: Nathan Herring <nathanh_at_microsoft.com>
Date: Sun, 29 Jul 2007 13:55:37 -0700

I had originally sent this to curl-users, but Daniel Stenburg [daniel_at_haxx.se] suggested this would be the better forum.

Thanks in advance,
nh

-----Original Message-----
From: Nathan Herring
Sent: Friday, July 27, 2007 4:51 PM
To: curl-users_at_cool.haxx.se
Subject: curl feature request

This originated with my use of the stock curl shipped with Mac OS X 10.4, and they re-directed my feature request here.

If you're using GSS-Negotiate, and if you use "--user :", then you get the current principal in your default Kerberos credential cache. However, it appears not to support entering any other name there. I would like to request that if the given argument for "--user" is not the special-cased ":", then treat it as a Kerberos principal, and try and acquire credentials specifically for that principal (which may not be the principal in the default credential cache).

The reason for the request is if you have more than one credential cache with different credentials, the "right" one may not be the active one, and if your script controlling curl is smart enough, it could ask for the appropriate version and not pass incompatible credentials to the server.

Here's some pseudocode for what I'm thinking:

gss_import_name(nameBuffer, GSS_C_NT_USER_NAME, &userPrincipalName);
gss_acquire_cred(userPrincipalName, GSS_C_INDEFINITE, GSS_C_NO_OID_SET, GSS_C_INITIATE, &userCredentials, NULL, NULL);

and then for gss_init_sec_context, providing userCredentials (or NULL if you got the ":").

The curl on Mac OS X 10.4.10 is curl 7.13.1 (powerpc-apple-darwin8.0) libcur/7.13.1 OpenSSL/0.9.7l zlib/1.2.3. (The "powerpc" is a bit of a misnomer since Apple provides a universal version, and the intel side is clearly running on my MacBook Pro.)

My apologies if this is already addressed, or if this is an improper forum. (Just point me in the right direction.)

-nh

--
Nathan Herring
CoreCLR SDE/Development
Received on 2007-07-29