Re: Specifying the authentication mechanism
On Sun, 26 Jun 2016, Steve Holme wrote:

> In that Pull Request I opened up the question of whether we should be using
> the HTTP AUTH option for LDAP and whether we should look at merging the SASL
> authentication mechanisms with the HTTP option?

I figure we should consider adding an aliased name for "HTTP AUTH" to be "HOST AUTH" or "SERVER AUTH" or something then if it is going to be used for more than just HTTP...

The PROXYAUTH brother option is already named suitably protocol agnostic.

--
 / daniel.haxx.se

---
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html

Re: Specifying the authentication mechanism
2016-06-27 11:55 GMT+03:00 Patrick Monnerat:

> Steve Holme wrote:
>
>> In that Pull Request I opened up the question of whether we should be using
>> the HTTP AUTH option for LDAP and whether we should look at merging the SASL
>> authentication mechanisms with the HTTP option?
>
> Hi Steve,
>
> I have no particular opinion about the curl tool options. But does it make
> sense to have option --digest for a non-HTTP protocol ?

Yes. For, as you've mentioned it, W$ LDAP, LDAP_AUTH_DIGEST will employ digest authentication package.

For OpenLDAP it can be LDAP-SASL authentication running using the DIGEST-MD5 mechanism.

> Cheers,
> Patrick

--
Best Regards,
Sergei Nikulov

RE: Specifying the authentication mechanism
Steve Holme wrote:

> In that Pull Request I opened up the question of whether we should be using
> the HTTP AUTH option for LDAP and whether we should look at merging the SASL
> authentication mechanisms with the HTTP option?

Hi Steve,

I may not be the good person for W$ LDAP, but I've looked at the openldap backend and I really would like to implement SASL authentication via our SASL procedures. Unfortunately, this requires implementing a "binary mode" in the sasl module. I already started it, but it is stalled yet since I'm very busy.

I have no particular opinion about the curl tool options. But does it make sense to have option --digest for a non-HTTP protocol ?

Cheers,
Patrick

Specifying the authentication mechanism
Hi all,

We recently received a Pull Request [1] to add support for ldap_bind_s() on Windows and as such use more secure authentication mechanisms. With this came the ability for the user / programmer to specify the required authentication mechanism to use via --basic, --digest and --ntlm (from the curl command line) and from CURLOPT_HTTPAUTH from libcurl.

In that Pull Request I opened up the question of whether we should be using the HTTP AUTH option for LDAP and whether we should look at merging the SASL authentication mechanisms with the HTTP option?

This means that potentially we could add the following "current" command line options to other protocols:

--basic - for IMAP, POP3 and SMTP
--digest - for IMAP, POP3 and SMTP
--ntlm - for IMAP, POP3 and SMTP

...and the following "new" command line options:

--gssapi (or --krb5) for LDAP, IMAP, POP3 and SMTP
--cram-md5 for IMAP, POP3 and SMTP
--plain (or --login) depending which of these --basic was used for!

This would also mean that the options parsing, from the command line, that the mail protocols currently do could be made a little more generic and used by HTTP (as currently planned) and LDAP.

As such, I thought it worth dropping a line to the mailing list to ask for people's opinions as I know not everyone looks at the PRs on GitHub.

Many thanks for your input

Kind Regards

Steve

[1] https://github.com/curl/curl/pull/878