cURL / Mailing Lists / curl-library / Single Mail


Re: http_negotiate_sspi.c in CURL 7.21.7 doesn't allow to pass user/password

From: Leonardo Rosati <>
Date: Thu, 10 Jul 2014 17:29:41 +0200

Correct, in my opinion, by design, with SSP1 the intention is to be
authenticated with user name and password if passed, if not, by the system
I've verified that NTLM works in this way (below the reference to the code)
instead the negotiate sspi has a bug because it doesn't accept username and
password: if passed system account is always used.

My intention was to submit a change to have negotiate to work like NTLM.

Does anyone have any suggestion looking at the code?


2014-07-10 3:02 GMT+02:00 Daniel Stenberg <>:

> On Wed, 9 Jul 2014, Michael-O wrote:
> Again, nothing is passed and should not be. Everything is done
>> automatically by SSPI. Period. -u : is simply a bug in curl. No more, no
>> less.
> What are you talking about? It is not a bug, it is by design. Possibly not
> the most conveniant way but it certainly is not a bug? What's the bug
> exactly you say?
> With SSPI NTLM, you can specify a user name and password with -u, or you
> can ask curl to use the "system" ones for the current user.
> --
> /
> -------------------------------------------------------------------
> List admin:
> Etiquette:

List admin:
Received on 2014-07-10