proxy authentication
Markus Moeller
huaraz at moeller.plus.com
Wed Oct 11 18:57:38 EDT 2006
Robert,
what you have to do is somethink like curl does with --negotiate only for
the proxy auth instead of the normal web auth. Look at http_negotiate.c
from curl (This uses a spnego helper library which I think is not anymore
necessary as MIT/Heimdal support spnego)
Regards
Markus
"Robert Nash" <Robert.Nash at national.fedex.com> wrote in message
news:BABD2E733E41BF489A00970B7CA834FA2BD1DE at WEXV2.watkins.lan...
> Hi All,
>
>
>
> This did not seem to post yesterday so I thought I would try it
> again....
>
>
>
> Like most companies we have a proxy that we use to get to the outside
> world, what I want to do is get through that proxy from my UNIX server
> (we use AIX) to an HTTP web service.
>
>
>
> Here is what I'm doing at the moment (and how Kerberos fits into this),
> I have a C++ program,
>
> 1) I open a socket to the proxy@ port 80,
>
> 2) Once connected I send the http command, "CONNECT
> www.fedexfreight.fedex.com HTTP/1.0\n\n"
>
>
>
> 3) The proxy responds with:
>
> HTTP/1.1 407 Proxy Authentication Required (The ISA Server requires
> authorization to fulfill the request. Access to the Web Proxy service is
> denied. )
>
> Via:1.1 WISA1
>
> Proxy-Authenticate: NTLM
>
> Proxy-Authenticate: Kerberos
>
> Proxy-Authenticate: Negotiate
>
>
>
> *** from what I understand the proxy is telling me that it will only
> accept NTLM, Kerberos or Negotiate to authenticate, so from Unix the
> only option I can see is Kerberos, I downloaded the krb5-1.4.4 source,
> built everything, but I cannot get any where with the samples. I'm
> guessing that I somehow need to encrypt my user & password and pass that
> to the proxy, It has to work somehow because I downloaded the mozilla
> source, built it and it works great, prompts me for my user id and
> password for the proxy and then no problem getting to the internet.
>
>
>
> Is there a better way to do this?
>
>
>
> I used the Microsoft WININET tools and it's a snap, just a few lines of
> code a I'm through, but of course that won't help in Unix.
>
>
>
>
>
> Thanks!
>
> Bob
>
>
>
> ******************NOTICE*******************
> This e-mail, including any attachments, is intended for the receipt and
> use by the intended addressee(s) only and may contain privileged,
> confidential, work-product and/or trade secret information of a
> proprietary nature. If you are not an intended recipient of this e-mail,
> you are hereby notified that any unauthorized use, distribution or
> re-transmission of this e-mail or any attachment(s) is strictly prohibited
> and that all rights of the sender and/or intended recipients are hereby
> reserved without prejudice thereto.
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
More information about the Kerberos
mailing list