On Fri, 2014-05-30 at 01:13 -0700, [email protected] wrote:
> curl_easy_setopt(curl_handle,CURL_PROXYAUTH,CURLAUTH_NTLM | CURLAUTH_NTLM_WB 
> | CURLAUTH_GSSNEGOTIATE);
> curl_easy_setopt(curl_handle,CURL_PROXYUSERPWD,":");
> curl_easy_perform(curl_handle) ;
 ...
> Is there a known problem in curl for running this way in linux ?

I've just sent patches which fix two problems that were preventing this
from working for you.

As Michael correctly pointed out, you *did* need to supply a username,
since the ntlm_auth helper tool doesn't infer it automatically. That's
because the ntlm_auth helper was really designed for *server*
authentication, and client support was added as an afterthought. So it
expects to be *told* the username.

And modern NTLM responses will also be too large for the buffer that
curl was using to receive them; I've fixed that too.

However, there's a third problem — you need to drop CURLAUTH_NTLM from
your auth options. Otherwise it'll try 'native' NTLM using that empty
username and password (doh!) before trying the automatic NTLM
authentication via winbind.

Which is a bit stupid, admittedly, but I'm not quite sure what the best
fix is. Should we patch http.c to always try ntlm_wb *before* ntlm auth?
Or patch the native NTLM auth method to bail out if the username and
password are empty? Or both?

-- 
David Woodhouse                            Open Source Technology Centre
[email protected]                              Intel Corporation

Attachment: smime.p7s
Description: S/MIME cryptographic signature

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html

Reply via email to