Hi Steve,
Still on the PROXYAUTH.
My experience is that this very rarely happens and you have to make your
software flexible enough that it can be configured to work in the different
customer's environments.
I agree, this is the reason I used CURLAUTH_ANY since according to the
documentation I would expect:
"This is a convenience macro that sets all bits and thus makes libcurl
pick any it finds suitable. libcurl will automatically select the one it
finds most secure. "
I quite do not get your second suggestion: I am currently using
PROXY-ANYAUTH because the software goes to different customers
and I cannot guess the right order of proxy for each customer.
- Is there a way to tell Libcurl which is the order of the authentication
to use?
Not as far as I am aware... This is something I want to implement for SMTP
but I don't think any of the other protocols do this at present (Although I
could be very wrong here!!).
You can only tell libcurl what authentication mechanisms to use through
curl_easy_setopt(CURLOPT_PROXYAUTH, CURLAUTH_NTLM) for example. The second
parameter is a bitmask of the mechanisms you want to use but it could just
as easy be a single mechanism - Unfortunately though this doesn't specify
the order. I hope I have the correct syntax there as I am having difficulty
accessing the curl website at the moment and can't verify this info for you
If you have a config file / ini file / registry entry for your application I
would recommend an entry that specifies the mechanism that you then pass
onto libcurl through the above call to curl_easy_setopt().
It is not a problem to store a configuration.
The problem is the user can give me username and password (which I store
crypted in a config file), however the user does not know what is NTLM..
I could test all the AUTH protocols, but it seems CURLAUTH_ANY
should/would do it:
" libcurl will automatically select the one it finds most secure. "
Does it work? Not for my customer.
- Or maybe to test all the authentication before failing? Testing all of:
Proxy-Authenticate: Negotiate
Proxy-Authenticate: Kerberos
Proxy-Authenticate: NTLM
I don't believe this is currently possible but others on the list might be
able to confirm it for you. I guess libcurl would have to:
* Try GSS in this example
* If that fails it would then move on and try the next supported mechanism
(Kerberos in this example)
* If that fails then it would move on and try NTLM
* That would then succeed in your scenario so then libcurl would continue
with the URL request
If this is something you would like to try, I would suggest downloading the
libcurl source code and start hacking
Hope I will have the chance.
Kind regards,
Matteo
Kind Regards
Steve
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
