cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: LibCurl with NTLM and Kerberos authentication

From: Michael König <plasm_at_plasm.de>
Date: Thu, 3 Sep 2015 11:58:36 +0200 (CEST)

Hi there!

> Steven Garno <sgarno_at_carpedatuminc.com> hat am 3. September 2015 um 00:42
> geschrieben:
>
>
> Support,
>
> We seem to be experiencing some difficulties in getting libcurl to work with
> NTLM and Kerberos authentication on a windows platform. Any help would be
> greatly appreciated.
>
http://curl.haxx.se/libcurl/c/debug.html

Apply the debug code to your source and see what chatty libcurl has to say
during the exchange. This helped me a number of times already.

Without it and with only the information you provided, everything below is
educated guesswork.
> Here is the problem:
>
> We have a site configured to use NTLM Negotiate authentication mechanism (also
> tried Kerberos instead of NTLM). When I call the URL in the browser while
> monitoring the traffic in Fiddler, the negotiate authentication works as
> expected: first two requests return 401 and the third one returns 200.
>
How was your libcurl built? Did you enable SSPI? Or OpenSSL? If you did
neither libcurl would not have the ability to do NTLM or Kerberos, i think.

for example the name of my last build directory was something like this:
libcurl-vc9-x86-release-static-zlib-static-ssh2-static-ipv6-sspi-winssl-obj-lib

> [cid:image001.jpg_at_01D0E59E.4E613010]
>
>
> However, when I try to make the same call using cURL, the negotiation never
> happens, only one request is made and 401 status is returned:
>
> [cid:image002.jpg_at_01D0E59E.4E613010]
>
> I tried a setting this optionin cURL before making the call:
> curl_easy_setopt(curl, CURLOPT_HTTPAUTH, CURLAUTH_GSSNEGOTIATE)
>
> Also, tried setting it this way:
> curl_easy_setopt(curl, CURLOPT_HTTPAUTH, CURLAUTH_GSSNEGOTIATE |
> CURLAUTH_NTLM)
>
> And this way:
> curl_easy_setopt(curl, CURLOPT_HTTPAUTH, CURLAUTH_ANY)
>
> The result is always the same - one request returning 401. The second (and
> sometimes third) negotiations never seem to happen. What are we doing/not
> doing correctly?
>
Assuming the webserver only accepts NEGO/NTLMv2 your libcurl might just
not be able to do what you are asking, if you missed the right options at
build time.

Greetings,
Michael
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2015-09-03

This message: [ Message body ]
Next message: Isaac Boukris: "Re: LibCurl with NTLM and Kerberos authentication"
Previous message: Daniel Stenberg: "Introducing CURL_HAS() ?"
In reply to: Steven Garno: "LibCurl with NTLM and Kerberos authentication"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]