cURL / Mailing Lists / curl-library / Single Mail


Re: problem using NTLM authentication with default OS credentials

From: David Woodhouse <>
Date: Fri, 11 Jul 2014 11:44:49 +0100

On Fri, 2014-05-30 at 01:13 -0700, wrote:
> curl_easy_setopt(curl_handle,CURL_PROXYUSERPWD,":");
> curl_easy_perform(curl_handle) ;
> Is there a known problem in curl for running this way in linux ?

I've just sent patches which fix two problems that were preventing this
from working for you.

As Michael correctly pointed out, you *did* need to supply a username,
since the ntlm_auth helper tool doesn't infer it automatically. That's
because the ntlm_auth helper was really designed for *server*
authentication, and client support was added as an afterthought. So it
expects to be *told* the username.

And modern NTLM responses will also be too large for the buffer that
curl was using to receive them; I've fixed that too.

However, there's a third problem — you need to drop CURLAUTH_NTLM from
your auth options. Otherwise it'll try 'native' NTLM using that empty
username and password (doh!) before trying the automatic NTLM
authentication via winbind.

Which is a bit stupid, admittedly, but I'm not quite sure what the best
fix is. Should we patch http.c to always try ntlm_wb *before* ntlm auth?
Or patch the native NTLM auth method to bail out if the username and
password are empty? Or both?

David Woodhouse                            Open Source Technology Centre                              Intel Corporation

List admin:

  • application/x-pkcs7-signature attachment: smime.p7s
Received on 2014-07-11