Re: problem using NTLM authentication with default OS credentials
Date: Fri, 11 Jul 2014 11:44:49 +0100
On Fri, 2014-05-30 at 01:13 -0700, jasper_ro_at_yahoo.com wrote:
> curl_easy_setopt(curl_handle,CURL_PROXYAUTH,CURLAUTH_NTLM | CURLAUTH_NTLM_WB | CURLAUTH_GSSNEGOTIATE);
> curl_easy_perform(curl_handle) ;
> Is there a known problem in curl for running this way in linux ?
I've just sent patches which fix two problems that were preventing this
from working for you.
As Michael correctly pointed out, you *did* need to supply a username,
since the ntlm_auth helper tool doesn't infer it automatically. That's
because the ntlm_auth helper was really designed for *server*
authentication, and client support was added as an afterthought. So it
expects to be *told* the username.
And modern NTLM responses will also be too large for the buffer that
curl was using to receive them; I've fixed that too.
However, there's a third problem — you need to drop CURLAUTH_NTLM from
your auth options. Otherwise it'll try 'native' NTLM using that empty
username and password (doh!) before trying the automatic NTLM
authentication via winbind.
Which is a bit stupid, admittedly, but I'm not quite sure what the best
fix is. Should we patch http.c to always try ntlm_wb *before* ntlm auth?
Or patch the native NTLM auth method to bail out if the username and
password are empty? Or both?
-- David Woodhouse Open Source Technology Centre David.Woodhouse_at_intel.com Intel Corporation
- application/x-pkcs7-signature attachment: smime.p7s