cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: problem using NTLM authentication with default OS credentials

From: David Woodhouse <dwmw2_at_infradead.org>
Date: Fri, 11 Jul 2014 11:09:11 +0100

On Fri, 2014-07-11 at 12:01 +0200, Michael Osipov wrote:
> Am 2014-07-11 11:47, schrieb David Woodhouse:
> > On Fri, 2014-07-11 at 11:24 +0200, Michael Osipov wrote:
> >> Am 2014-07-10 17:17, schrieb David Woodhouse:
> >>> On Fri, 2014-05-30 at 10:21 +0200, Michael-O wrote:
> >>>>
> >>>> Providing ':' will only work with SSPI, on Linux/Unix, there is not
> >>>> NTLM password cache. ':' works only with a Kerberos credential cache.
> >>>
> >>> That isn't strictly true. Samba/winbind has an NTLM password cache, and
> >>> it works fine via the /usr/bin/ntlm_auth helper tool or libwbclient.
> >>>
> >>> Firefox uses this to authenticate to HTTP servers, as does libsoup.
> >>
> >> That is correct on Unix. Though, I do not have this setup running at
> >> work. That is feature NTLM_WB. Did you actually try that with curl?
> >
> > FWIW you can test with a trivial replacement for ntlm_auth with your
> > password compiled in. http://david.woodhou.se/ntlm_auth_v2.c should do
> > it.
> >
> > I just tested it here and it's broken though, since the auth response is
> > usually larger than the 200 bytes that the curl expects. This fixes it
> > for me: http://git.infradead.org/users/dwmw2/curl.git/commitdiff/655d313
>
> If so, provide a decent patch to curl.

That *is* a decent patch to curl. As for 'providing' it... I'm working
on a patch set that fixes SPNEGO first, and then I'll submit the whole
lot. Watch this space...

-- 
dwmw2

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html

  • application/x-pkcs7-signature attachment: smime.p7s
Received on 2014-07-11