cURL / Mailing Lists / curl-library / Single Mail


Re: [PATCH] SF bug #1302: HTTP Auth Negotiate sends Kerberos token instead of SPNEGO token

From: Michael Osipov <>
Date: Tue, 15 Jul 2014 22:24:59 +0200

Am 2014-07-15 15:34, schrieb David Woodhouse:
> On Tue, 2014-07-15 at 13:18 +0200, Michael Osipov wrote:
>> Please have a look again:
>> I'll test that by the end of the week and make a complete patch
>> proposal if everything is fine.
> Merged into git://, which
> now looks like this:
> David Woodhouse (8):
> ntlm_wb: Fix hard-coded limit on NTLM auth packet size
> ntlm_wb: Avoid invoking ntlm_auth helper with empty username

I do not think that this belongs in this patchset because it is
completely unrelated.

> Support WWW-Authenticate: Kerberos in place of defunct GSS-Negotiate

I am not convinced by that patch. I assumed you had the same intentions
as me with the entire chain, --kerberos over CURLAUTH_KERBEROS and so
forth. You mix two mechanisms within one code block, spite the same
flow, you cannot on/off any of them separately not do people really know
that curl will do that.
Additionally, I do not see why one would need two flags -- spnego and
protocol, an enum, as you have proposed does its job. I would really
provide a complete patch on top of your great work rather that provide a
hack with little control.

> Michael Osipov (4):
> Add feature and version info for GSS-API (like with SSPI)
> Deprecate GSS-Negotiate related macros due to bad naming
> Make Negotiate (SPNEGO) CLI options and help available only when appropriate
> Improve inline GSS-API naming in code documentation

I have shortened the log messages and pushed again. They should be fine
now. Recent changes from bagder/master are included too.

List admin:
Received on 2014-07-18