Robert, what you have to do is somethink like curl does with --negotiate only for the proxy auth instead of the normal web auth. Look at http_negotiate.c from curl (This uses a spnego helper library which I think is not anymore necessary as MIT/Heimdal support spnego)
Regards Markus "Robert Nash" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hi All, > > > > This did not seem to post yesterday so I thought I would try it > again.... > > > > Like most companies we have a proxy that we use to get to the outside > world, what I want to do is get through that proxy from my UNIX server > (we use AIX) to an HTTP web service. > > > > Here is what I'm doing at the moment (and how Kerberos fits into this), > I have a C++ program, > > 1) I open a socket to the proxy@ port 80, > > 2) Once connected I send the http command, "CONNECT > www.fedexfreight.fedex.com HTTP/1.0\n\n" > > > > 3) The proxy responds with: > > HTTP/1.1 407 Proxy Authentication Required (The ISA Server requires > authorization to fulfill the request. Access to the Web Proxy service is > denied. ) > > Via:1.1 WISA1 > > Proxy-Authenticate: NTLM > > Proxy-Authenticate: Kerberos > > Proxy-Authenticate: Negotiate > > > > *** from what I understand the proxy is telling me that it will only > accept NTLM, Kerberos or Negotiate to authenticate, so from Unix the > only option I can see is Kerberos, I downloaded the krb5-1.4.4 source, > built everything, but I cannot get any where with the samples. I'm > guessing that I somehow need to encrypt my user & password and pass that > to the proxy, It has to work somehow because I downloaded the mozilla > source, built it and it works great, prompts me for my user id and > password for the proxy and then no problem getting to the internet. > > > > Is there a better way to do this? > > > > I used the Microsoft WININET tools and it's a snap, just a few lines of > code a I'm through, but of course that won't help in Unix. > > > > > > Thanks! > > Bob > > > > ******************NOTICE******************* > This e-mail, including any attachments, is intended for the receipt and > use by the intended addressee(s) only and may contain privileged, > confidential, work-product and/or trade secret information of a > proprietary nature. If you are not an intended recipient of this e-mail, > you are hereby notified that any unauthorized use, distribution or > re-transmission of this e-mail or any attachment(s) is strictly prohibited > and that all rights of the sender and/or intended recipients are hereby > reserved without prejudice thereto. > ________________________________________________ > Kerberos mailing list [email protected] > https://mailman.mit.edu/mailman/listinfo/kerberos > ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
