cURL / Mailing Lists / curl-library / Single Mail


Re: problem using NTLM authentication with default OS credentials

From: Michael Osipov <>
Date: Fri, 11 Jul 2014 11:24:25 +0200

Am 2014-07-10 17:17, schrieb David Woodhouse:
> On Fri, 2014-05-30 at 10:21 +0200, Michael-O wrote:
>> Providing ':' will only work with SSPI, on Linux/Unix, there is not
>> NTLM password cache. ':' works only with a Kerberos credential cache.
> That isn't strictly true. Samba/winbind has an NTLM password cache, and
> it works fine via the /usr/bin/ntlm_auth helper tool or libwbclient.
> Firefox uses this to authenticate to HTTP servers, as does libsoup.

That is correct on Unix. Though, I do not have this setup running at
work. That is feature NTLM_WB. Did you actually try that with curl?

> I've also just fixed the GSS-NTLMSSP module to do it, at least in my
> local tree. And thus libcurl ought to work...

Are you talking about Heimdal's NTLM support?

> well, it would if it
> correctly did SPNEGO for Negotiate auth, rather than just Kerberos.

It does actually. I have provided a patch to fix this and make SPNEGO
work only if it is available. The patch has not been merged yet.

SPNEGO works both on Unix and Windows.


List admin:
Received on 2014-07-11