Hi Daniel,

Sorry if I may add more confusion, but the right way to do it with the newer Kerberos libraries is to use a flag with curl (e.g. --spnego) and set the mech type to the right value in curl_gssapi.c


#ifndef HAVE_SPNEGO_MECH
/* gss_mech_spnego might already be defined extern; this should be checked
   during configure */
static gss_OID_desc _gss_mech_spnego =
   { 6, (void *) "\x2b\x06\x01\x05\x05\x02" }; /* SPNEGO OID 1.3.6.1.5.5.2 */
gss_OID gss_mech_spnego = &_gss_mech_spnego;
#endif

if (spnego)
  mech = gss_mech_spnego;
else
  mech = GSS_C_NO_OID;

return gss_init_sec_context(minor_status,
                           GSS_C_NO_CREDENTIAL, /* cred_handle */
                           context,
                           target_name,
                           mech, /* mech_type */
                           req_flags,
                           0, /* time_req */
                           input_chan_bindings,
                           input_token,
                           NULL, /* actual_mech_type */
                           output_token,
                           ret_flags,
                           NULL /* time_rec */);


I still wonder why the server Arunav uses only accepts spnego, as most accept either gssapi or spnego tokens.

Regards
Markus
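
Added example, not part of Markus's message or of curl's source: a small C routine that reads the mechanism OID from the framing of an initial GSS-API context token (RFC 2743, section 3.1) and reports whether a client sent a SPNEGO-wrapped or a raw Kerberos token, which is the distinction the server in this thread is strict about. The function names and the two sample tokens are constructed for illustration; the inner token bodies are dummy bytes.

```c
#include <string.h>

/* DER value bytes of the two mechanism OIDs discussed in this thread. */
static const unsigned char OID_SPNEGO[] = {0x2b,0x06,0x01,0x05,0x05,0x02};
static const unsigned char OID_KRB5[] =
  {0x2a,0x86,0x48,0x86,0xf7,0x12,0x01,0x02,0x02}; /* 1.2.840.113554.1.2.2 */

/* Constructed sample tokens (real framing, dummy inner bodies). */
static const unsigned char SAMPLE_SPNEGO[] =
  {0x60,0x0c,0x06,0x06,0x2b,0x06,0x01,0x05,0x05,0x02,0xa0,0x02,0x30,0x00};
static const unsigned char SAMPLE_KRB5[] = {0x60,0x0f,0x06,0x09,0x2a,0x86,
  0x48,0x86,0xf7,0x12,0x01,0x02,0x02,0x01,0x00,0x6e,0x00};

enum mech { MECH_INVALID, MECH_UNKNOWN, MECH_KRB5, MECH_SPNEGO };

/* Read a DER length at buf[*pos]; returns 0 on success, -1 on bad input. */
static int der_len(const unsigned char *buf, size_t n, size_t *pos, size_t *len)
{
  size_t cnt;
  if(*pos >= n) return -1;
  *len = buf[(*pos)++];
  if(!(*len & 0x80)) return 0;            /* short form */
  cnt = *len & 0x7f;                      /* long form: cnt length bytes */
  if(cnt == 0 || cnt > sizeof(size_t) || cnt > n - *pos) return -1;
  for(*len = 0; cnt; cnt--) *len = (*len << 8) | buf[(*pos)++];
  return 0;
}

/* Classify an initial context token: 0x60 <len> 0x06 <oidlen> <oid> ... */
enum mech token_mech(const unsigned char *tok, size_t n)
{
  size_t pos = 1, len, oidlen, end;
  if(n < 2 || tok[0] != 0x60) return MECH_INVALID;
  if(der_len(tok, n, &pos, &len) || len > n - pos) return MECH_INVALID;
  end = pos + len;                        /* framing must fit the buffer */
  if(pos >= end || tok[pos++] != 0x06) return MECH_INVALID;
  if(der_len(tok, end, &pos, &oidlen) || oidlen > end - pos) return MECH_INVALID;
  if(oidlen == sizeof(OID_SPNEGO) && !memcmp(tok + pos, OID_SPNEGO, oidlen))
    return MECH_SPNEGO;
  if(oidlen == sizeof(OID_KRB5) && !memcmp(tok + pos, OID_KRB5, oidlen))
    return MECH_KRB5;
  return MECH_UNKNOWN;
}

int main(void)
{
  return token_mech(SAMPLE_SPNEGO, sizeof(SAMPLE_SPNEGO)) != MECH_SPNEGO;
}
```

To inspect a real exchange, base64-decode the value after "Negotiate " in the Authorization header and pass the bytes to token_mech().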

-----Original Message-----
From: Daniel Stenberg
Sent: Monday, September 30, 2013 7:30 AM
Newsgroups: gmane.comp.web.curl.library
To: libcurl development
Cc: Arunav Sanyal; Markus Moeller
Subject: RE: PATCH: Curl Sanity patch for spnego authentication

On Wed, 25 Sep 2013, Arunav Sanyal wrote:

I use MIT Kerberos 1.11. And I can assure you the library does not handle SPNEGO token conversion explicitly. Even when I specify different OID.

If you have your own server implementation which directly handles gssapi tokens, fbopenssl is no longer required. My use case is curl trying to authenticate with Tomcat 7.40.0 which expects SPNEGO token.

Hello Arunav, Kevin, Markus and the rest!

As I'm a GSS rookie and a SPNEGO cluebie, you need to help me out a little bit
more here!

This discussion is certainly useful and something that benefits us all, but I
have a very hard time to figure out which conclusions to draw and how to
proceed here. Can I get your help please?

Can we start with Arunav's specific patch[1] for SPNEGO that I questioned[2], he said he agreed to my doubts[3] and yet he seems to say the fixes are fine.
I can't make sense of that and I don't fully grasp how SPNEGO works in
combination with the GSS stuff. Can't you have both enabled in a single
libcurl build?

I would really like an opinion and help on this from someone else who knows
more about this area than I do! Is the patch fine to merge? If not, what's the
problem? If it is, won't a combined SPNEGO + GSS build crash and burn?

[1] = http://curl.haxx.se/mail/lib-2013-09/0095.html
[2] = http://curl.haxx.se/mail/lib-2013-09/0112.html
[3] = http://curl.haxx.se/mail/lib-2013-09/0115.html

--

 / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
