cURL / Mailing Lists / curl-library / Single Mail


Re: problem using NTLM authentication with default OS credentials

From: Michael Osipov <>
Date: Fri, 11 Jul 2014 12:11:44 +0200

Am 2014-07-11 12:09, schrieb David Woodhouse:
> On Fri, 2014-07-11 at 12:01 +0200, Michael Osipov wrote:
>> Am 2014-07-11 11:47, schrieb David Woodhouse:
>>> On Fri, 2014-07-11 at 11:24 +0200, Michael Osipov wrote:
>>>> Am 2014-07-10 17:17, schrieb David Woodhouse:
>>>>> On Fri, 2014-05-30 at 10:21 +0200, Michael-O wrote:
>>>>>> Providing ':' will only work with SSPI, on Linux/Unix, there is not
>>>>>> NTLM password cache. ':' works only with a Kerberos credential cache.
>>>>> That isn't strictly true. Samba/winbind has an NTLM password cache, and
>>>>> it works fine via the /usr/bin/ntlm_auth helper tool or libwbclient.
>>>>> Firefox uses this to authenticate to HTTP servers, as does libsoup.
>>>> That is correct on Unix. Though, I do not have this setup running at
>>>> work. That is feature NTLM_WB. Did you actually try that with curl?
>>> FWIW you can test with a trivial replacement for ntlm_auth with your
>>> password compiled in. should do
>>> it.
>>> I just tested it here and it's broken though, since the auth response is
>>> usually larger than the 200 bytes that the curl expects. This fixes it
>>> for me:
>> If so, provide a decent patch to curl.
> That *is* a decent patch to curl. As for 'providing' it... I'm working
> on a patch set that fixes SPNEGO first, and then I'll submit the whole
> lot. Watch this space...

Sorry, by decent I meant a separate mail with [PATCH] and so forth.

List admin:
Received on 2014-07-11