cURL / Mailing Lists / curl-library / Single Mail

curl-library

RE: Failure with --proxy-anyauth on NTLM

From: Steve Holme <steve_holme_at_hotmail.com>
Date: Sat, 31 Mar 2012 19:33:40 +0100

Hi Matteo,

> sorry I am replying to a digest, I hope the email get threaded correctly.

It seems okay with Outlook but I'm not viewing it in threaded view!

However, could I please ask you to not Top Post as per the curl etiquette
guide - Instead integrate your reply as follows:

> Your explanation of the problem fits nicely with what I experienced.
> I am going to ask to the sysadmin of the customer to remove/reorder
> the proxy authentication protocols.
>
> However it is unlikely to happen.

My experience is that this very rarely happens and you have to make your
software flexible enough that it can be configured to work in the different
customer's environments.

> I quite do not get your second suggestion: I am currently using
> PROXY-ANYAUTH because the software goes to different customers
> and I cannot guess the right order of proxy for each customer.
> - Is there a way to tell Libcurl which is the order of the authentication
to use?

Not as far as I am aware... This is something I want to implement for SMTP
but I don't think any of the other protocols do this at present (Although I
could be very wrong here!!).

You can only tell libcurl what authentication mechanisms to use through
curl_easy_setopt(CURLOPT_PROXYAUTH, CURLAUTH_NTLM) for example. The second
parameter is a bitmask of the mechanisms you want to use but it could just
as easy be a single mechanism - Unfortunately though this doesn't specify
the order. I hope I have the correct syntax there as I am having difficulty
accessing the curl website at the moment and can't verify this info for you
:(

If you have a config file / ini file / registry entry for your application I
would recommend an entry that specifies the mechanism that you then pass
onto libcurl through the above call to curl_easy_setopt().

> - Or maybe to test all the authentication before failing? Testing all of:
>
> Proxy-Authenticate: Negotiate
> Proxy-Authenticate: Kerberos
> Proxy-Authenticate: NTLM

I don't believe this is currently possible but others on the list might be
able to confirm it for you. I guess libcurl would have to:

* Try GSS in this example
* If that fails it would then move on and try the next supported mechanism
(Kerberos in this example)
* If that fails then it would move on and try NTLM
* That would then succeed in your scenario so then libcurl would continue
with the URL request

If this is something you would like to try, I would suggest downloading the
libcurl source code and start hacking ;-)

Kind Regards

Steve

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-04-01

This message: [ Message body ]
Next message: Steve Holme: "RE: [PATCH] POP3: Expanded the supported commands"
Previous message: Steve Holme: "RE: Support for authentication DIGEST-MD5 for SMTP"
Next in thread: Matteo Fiorito: "RE: Failure with --proxy-anyauth on NTLM"
Maybe reply: Matteo Fiorito: "RE: Failure with --proxy-anyauth on NTLM"
Maybe reply: Steve Holme: "RE: Failure with --proxy-anyauth on NTLM"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]