RE: [PATCH] SF bug #1302: HTTP Auth Negotiate sends Kerberos token instead of SPNEGO token

From: Steve Holme <>
Date: Sun, 13 Jul 2014 19:36:48 +0100

On Sun, 13 Jul 2014, Michael Osipov wrote:

> > On a side note, we are currently missing support for the GSSAPI
> > mechanism and Winbind NTLM implementation in the email
> > protocols.
> Are you implementing SASL yourself for curl or do you use
> CyrusSASL? I know that Windows has a native SASL impl but that
> seems to be available on Windows Server only.

We currently have native support for the following SASL authentication mechanisms:

CRAM-MD5, DIGEST-MD5, LOGIN, NTLM and PLAIN with support for extensions such as OAUTH2.

This could be extended to include the HTTP authentication mechanisms as well and turn our SASL module into a more generic authentication layer that includes both SASL and HTTP mechanisms.

I don't know enough about CyrusSASL at the moment but that was one of the third-party libraries I was thinking of that we could integrate with - if we wanted to.

> > * Support both of these in the email protocols and any other
> > protocols that can use authentication (For example I want to look
> > at ldap in more detail afterwards)
> > * Simplify the NTLM code as both native and SSPI are intermingled
> > making it difficult to follow
> > * Support third party sasl/authentication modules with relative
> > ease
> More than that. It could be completely decoupled from HTTP and
> used for any GSS/SSPI-based service, like HTTP, FTP, SMTP, IMAP,
> etc. The low-end impl is always the same.

Indeed - this is roughly what I had in mind and what I've started to do with curl_sasl.c and curl_sasl_sspi.c as they are shared by the three email protocols ;-)

Kind Regards


Received on 2014-07-13