Hi folks,

I already sent this to the curl mailinglist and by Daniel Stenberg's
recommendation:

> Please consider taking this subject to the curl-library mailing list since this is really about what libcurl does or doesn't and what the features are named or not.
> As I am personally quite clueless about kerberos, GSS, spnego and those matters, I will also appreciate explicit patches or suggestions what should be named what.

I am resending to the libcurl mailing list.

this is somewhat related to my previous message (fbopenssl and SPNEGO)
but I wanted to open a separate thread for this.

My prime assumption on GSSAPI and SPNEGO support for cURL was false
because of the configure script output.

It says:
GSSAPI support: yes/no
SPNEGO support: yes/no.

Now, if you compile with GSSAPI support curl --version gives you:
Features: ...GSS-Negotiate...

This is, imho, completely wrong. Eventhough there is still no support
for Negotiate auth in HTTP. You need fbopenssl. But this should work for
ldap, smtp, ftp and stuff.

Since GSSAPI and SPNEGO are not the same, it should clearly say:
Features: ...GSSAPI...

with the auth option --gssapi for appropriate protocols.
But now if you need SPNEGO on top, compile it in and have
Features: ...GSSAPI SPNEGO...
Now you could do for HTTP: --negotiate

As a remark, Active Directory supports both for auth with SASL: GSSAPI
and GSS-SPNEGO.

This would tremendiously clarify this naming problem and avoid traps in
which I felt in.

Mike
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2011-09-04