PHP - How to use Curl with Kerberos

Posted 2019-07-31 10:26

Question:

I'm trying to do some operation with curl, but the website where I have to work uses Kerberos authentication. Consequently I have to enable the SPNEGO function of curl which is disabled by default.

This is the extract from my phpinfo:

cURL support    enabled
cURL Information    7.19.7
Age 3
Features
AsynchDNS   No
Debug   No
GSS-Negotiate   Yes
IDN Yes
IPv6    Yes
Largefile   Yes
NTLM    Yes
SPNEGO  No
SSL Yes
SSPI    No
krb4    No
libz    Yes
CharConv    No
Protocols   tftp, ftp, telnet, dict, ldap, ldaps, http, file, https, ftps, scp, sftp
Host    x86_64-redhat-linux-gnu
SSL Version NSS/3.13.1.0
ZLib Version    1.2.3
libSSH Version  libssh2/1.2.2

How can I do this?

Answer 1:

Get a new version of curl first, check your Kerberos version. All recent versions support SPNEGO natively, i.e., a small patch and curl will work happily with SPNEGO w/o additional software.

Making things work:

  1. Download and compile curl and libcurl
  2. Install it, e.g. /usr/local
  3. Try curl directly first
  4. Download a fresh version of PHP and compile it with --with-curl[=DIR], see 1, 2
  5. Install it
  6. Enjoy

Here are a few caveats:

  1. First of all, curl needs to be patched as described already before.
  2. Unfortunately, PHP is statically linked to curl (libcurl.a, see [2]), this means that you cannot switch to a new curl version unless you recompile PHP with the new one. Maybe this is just an artificial limitation.


Answer 2:

The patch Micheal is talking about involves a bit of coding (changing curl source code). In the event you do not wish to do that, use the fbopenssl library and link curl against that. After that

SPNEGO Yes

will be a flag in the help version.

Please note that your curl version will not support keytabs, username password authentication or credential cache modes. If you want that, use my fork of curl (this one doesn't have Micheal's patch though):

github.com/Khalian/CURL
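
A check for step 3 of the first answer ("Try curl directly first") and for the SPNEGO flag mentioned in the second, as an added example that is not part of either answer: it parses the Features line of `curl -V` and then makes one Negotiate request with the current ticket cache. The two sample outputs are constructed (the first from the question's phpinfo values), and the function names and the URL argument are hypothetical.

```shell
#!/bin/sh
# Added example. SAMPLE_OLD and SAMPLE_NEW are constructed `curl -V` outputs.
SAMPLE_OLD='curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.13.1.0 zlib/1.2.3 libssh2/1.2.2
Protocols: tftp ftp telnet dict ldap ldaps http file https ftps scp sftp
Features: GSS-Negotiate IDN IPv6 Largefile NTLM SSL libz'

SAMPLE_NEW='curl X.Y.Z (constructed sample)
Protocols: file ftp ftps http https
Features: GSS-API IPv6 Kerberos Largefile NTLM SPNEGO SSL libz'

# Read `curl -V` text on stdin, print one feature name per line.
curl_features() {
    sed -n 's/^Features: *//p' | tr -s ' ' '\n'
}

# has_feature NAME < curl-V-text
# Exit 0 only on an exact name match, so "GSS" does not match "GSS-Negotiate".
has_feature() {
    curl_features | grep -qxF -- "$1"
}

# Read `curl -V` text on stdin and print which Negotiate-related flag is listed:
# "spnego", "gss-negotiate-only" (the state shown in the question) or "none".
negotiate_status() {
    v=$(cat)
    if printf '%s\n' "$v" | has_feature SPNEGO; then
        echo spnego
    elif printf '%s\n' "$v" | has_feature GSS-Negotiate; then
        echo gss-negotiate-only
    else
        echo none
    fi
}

# try_negotiate URL: check the local build and ticket cache, then print the
# HTTP status of one request authenticated with Negotiate.
try_negotiate() {
    status=$(curl -V | negotiate_status)
    [ "$status" != none ] || { echo "curl built without Negotiate support" >&2; return 2; }
    klist -s || { echo "no valid Kerberos ticket, run kinit first" >&2; return 3; }
    # "-u :" supplies empty credentials so the ticket cache is used instead.
    curl --negotiate -u : -s -o /dev/null -w '%{http_code}\n' "$1"
}

# Only touches the network when a URL is passed on the command line.
[ "$#" -eq 0 ] || try_negotiate "$1"
```

A 401 from `try_negotiate` with a valid ticket and a build that lists the feature points at the service side (SPN or keytab) rather than at curl.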