4
我試着用捲曲(出貨量捲曲在Mac OS X 10.10)連接到SPNEGO保護的Web站點捲曲停止談判SPNEGO - 未知機甲碼0機甲未知
$curl -vv --negotiate -u : http://xxx-MacBook-Pro.local:8080 * Rebuilt URL to: http://xxx-MacBook-Pro.local:8080/ * Trying 192.168.1.6... * Connected to xxx-MacBook-Pro.local (192.168.1.6) port 8080 (#0) > GET/HTTP/1.1 > Host: xxx-MacBook-Pro.local:8080 > User-Agent: curl/7.43.0 > Accept: */* > < HTTP/1.1 401 Unauthorized * gss_init_sec_context() failed: : unknown mech-code 0 for mech unknown < WWW-Authenticate: Negotiate < Content-Type: application/json; charset=UTF-8 < Content-Length: 303 < * Connection #0 to host xxx-MacBook-Pro.local left intact
問題似乎是「 gss_init_sec_context()失敗:未知mech-code 0 for mech unknown「。 curl看起來像是用SPNEGO/GSS正確編譯的?
curl 7.43.0 (x86_64-apple-darwin14.0) libcurl/7.43.0 SecureTransport zlib/1.2.5
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz UnixSockets
編輯:HTTPie(https://github.com/ndzou/httpie-negotiate)顯示類似的行爲。它在第一次服務器響應後停止。 服務器是否返回帶有401響應的內容而不僅僅是頭文件?
GET/HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Connection: keep-alive
Host: 192.168.1.6:8080
User-Agent: HTTPie/0.9.2
HTTP/1.1 401 Unauthorized
Content-Length: 209
Content-Type: application/json; charset=UTF-8
WWW-Authenticate: Negotiate
{
"error": {
"header": {
"WWW-Authenticate": "Negotiate"
},
"reason": null,
"root_cause": [
{
"header": {
"WWW-Authenticate": "Negotiate"
},
"reason": null,
"type": "xxx"
}
],
"type": "xxx"
},
"status": 401
}
我怎樣才能使捲曲得到工作,並使用正確的機甲?
什麼GSS-API實現您使用?顯示'ldd curl'。 –
(在mac上沒有ldd) - >「otool -L/usr/bin/curl」master /usr/bin/curl: \t /usr/lib/libcurl.4.dylib(兼容性版本7.0.0,當前版本8.0.0) \t /usr/lib/libz.1.dylib(兼容版本1.0.0,當前版本1.2.5) \t /usr/lib/libSystem.B.dylib(兼容版本1.0.0,當前版本1213.0.0) – salyh
現在有一個問題。從輸出中我看不到使用什麼GSS-API實現。請運行'krb5-config --version'並顯示結果。 –