cURL / Mailing Lists / curl-library / Single Mail


Re: [PATCH] SF bug #1302: HTTP Auth Negotiate sends Kerberos token instead of SPNEGO token

From: Michael Osipov <>
Date: Mon, 14 Jul 2014 21:51:01 +0200

Am 2014-07-14 21:15, schrieb Steve Holme:
> On Mon, 14 Jul 2014, Michael Osipov wrote:
> [...]
>> I was talking about the SASL implementation itself not the mechanisms it
>> supports. That's why I referred to Cyrus SASL. There are, of course, other
>> implementations like GNU SASL, Heimdal, etc.
> I would be interested to know what aspects of SASL you were referring to and any other thoughts/suggestions you have on the topic.

As far as I can see, curl_sasl.c implements SASL-based auth itself. As
far as I am acquiant with SASL, there are already good working
implemenatations which implements all known mechs like Digest, Kerberos,
Plain etc.

In Windows you have this [1], though I never figured out how this works
o the client side. On Unix you have Cyrus SASL, etc. That's what I have
tried to say.

Let's take the curl LDAP code for instance, it obviously uses native
Windows code or OpenLDAP where both already can use SASL underneath if
you performs SASL bind but that code does only a simple bind. Leaving
all SASL features behind. Options like --digest, --ntlm, --negotiate do
not work basically.


List admin:
Received on 2014-07-14