Mailing Lists

curl-tracker Archives

[curl:bugs] #1495 HTTP SPNEGO authentication doesn't seem to work properly under Linux

From: Gunnar Schulze <g_schulze_at_users.sf.net>
Date: Mon, 16 Mar 2015 08:15:41 +0000

Thank you for the quick reply! The issue indeed turned out to be a network setup problem, so sorry for the inconvenience. In the krb5.conf config file, the mappings in the [domain_realm] section were incorrect. What tempted me to file a bug in the first place was that for three different versions of curl, I was getting three different behaviors on the server side. I am trying to get a Hadoop deployment to work properly with Kerberos security enabled, so given the observed behavior I didn't suspect the issue to be at the server side.

---
** [bugs:#1495] HTTP SPNEGO authentication doesn't seem to work properly under Linux**
**Status:** open
**Labels:** SPNEGO Kerberos 
**Created:** Fri Mar 13, 2015 02:17 PM UTC by Gunnar Schulze
**Last Updated:** Fri Mar 13, 2015 08:43 PM UTC
**Owner:** nobody
### Description ###
HTTP SPNEGO authentication doesn't seem to work properly under Linux (Centos 6.6). However, the version that is shipped with MacOS X Yosemite works as expected.
#### Curl Version used on Mac OS X: ####
curl 7.37.1 (x86_64-apple-darwin14.0) libcurl/7.37.1 SecureTransport zlib/1.2.5
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smtp smtps telnet tftp 
Features: AsynchDNS GSS-Negotiate IPv6 Largefile NTLM NTLM_WB SSL libz 
#### Curl Version used on CentOS (self-compiled) ####
curl 7.41.0 (x86_64-redhat-linux-gnu) libcurl/7.41.0 NSS/3.16.2.3 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp 
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz UnixSockets 
---
### Steps to reproduce ###
$ kinit principal_at_REALM
$ curl --negotiate -u : http://host.domain:8888/path/to/rest/api
#### Expected response ####
{
	// Some JSON output		
}
#### Actual response ####
HTTP ERROR 403
Problem accessing /path/to/rest/api. Reason: 
    GSSException: No credential found for: 1.3.6.1.5.2.5 usage: Accept
---
On both operating systems I am able to obtain a valid Kerberos Ticket, however, authentication fails on the Linux machine. What is probably worth mentioning is that the Mac OS X version is compiled against Heimdal Kerberos whereas the Linux version is built against the MIT implementation.
---
Sent from sourceforge.net because curl-tracker@cool.haxx.se is subscribed to https://sourceforge.net/p/curl/bugs/
To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/curl/admin/bugs/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.

Received on 2015-03-16

This message: [ Message body ]
Next message: Michael Osipov: "[curl:bugs] #1495 HTTP SPNEGO authentication doesn't seem to work properly under Linux"
Previous message: Daniel Stenberg: "[curl:bugs] #1424 happy eyeballs problem with host unaccessible over ipv6"
In reply to: Gunnar Schulze: "[curl:bugs] #1495 HTTP SPNEGO authentication doesn't seem to work properly under Linux"
Next in thread: Michael Osipov: "[curl:bugs] #1495 HTTP SPNEGO authentication doesn't seem to work properly under Linux"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

These mail archives are generated by hypermail.