I'm trying to do some operation with curl, but the website where I have to work uses Kerberos authentication. Consequently I have to enable the SPNEGO function of curl which is disabled by default.
This is the extract from my phpinfo:
cURL support enabled
cURL Information 7.19.7
Age 3
Features
AsynchDNS No
Debug No
GSS-Negotiate Yes
IDN Yes
IPv6 Yes
Largefile Yes
NTLM Yes
SPNEGO No
SSL Yes
SSPI No
krb4 No
libz Yes
CharConv No
Protocols tftp, ftp, telnet, dict, ldap, ldaps, http, file, https, ftps, scp, sftp
Host x86_64-redhat-linux-gnu
SSL Version NSS/3.13.1.0
ZLib Version 1.2.3
libSSH Version libssh2/1.2.2
How can I do this?
Get a new version of curl first, check your Kerberos version. All recent versions support SPNEGO natively, i.e., a small patch and curl will work happily with SPNEGO w/o additional software.
Making things work:
- Download and compile curl and libcurl
- Install it, e.g. /usr/local
- Try curl directly first
- Download a fresh version of PHP and compile it with --with-curl[=DIR], see 1, 2
- Install it
- Enjoy
Here a a few caveats:
- First of all, curl needs to be patched as described already before.
- Unfortunately, PHP is statically linked to curl (libcurl.a, see [2]), this means that you cannot switch to a new curl version unless und recompile PHP with the new one. Maybe this is just an artificial limitatin.
The patch micheal is talking about a bit of coding(changing curl source code). In the event you do not wish to do that use fbopenssl library and link curl against that. After that
SPNEGO Yes
will be a flag in the help version.
Please note that your curl version will not support keytabs, username password authentication or credential cache modes. If you want that use my fork of curl(this one dosent have Micheal's patch though):-
github.com/Khalian/CURL