4
我試着用捲曲(出貨量捲曲在Mac OS X 10.10)連接到SPNEGO保護的Web站點捲曲停止談判SPNEGO - 未知機甲碼0機甲未知
$curl -vv --negotiate -u : http://xxx-MacBook-Pro.local:8080 * Rebuilt URL to: http://xxx-MacBook-Pro.local:8080/ * Trying 192.168.1.6... * Connected to xxx-MacBook-Pro.local (192.168.1.6) port 8080 (#0) > GET/HTTP/1.1 > Host: xxx-MacBook-Pro.local:8080 > User-Agent: curl/7.43.0 > Accept: */* > < HTTP/1.1 401 Unauthorized * gss_init_sec_context() failed: : unknown mech-code 0 for mech unknown < WWW-Authenticate: Negotiate < Content-Type: application/json; charset=UTF-8 < Content-Length: 303 < * Connection #0 to host xxx-MacBook-Pro.local left intact
問題似乎是「 gss_init_sec_context()失敗:未知mech-code 0 for mech unknown「。 curl看起來像是用SPNEGO/GSS正確編譯的?
curl 7.43.0 (x86_64-apple-darwin14.0) libcurl/7.43.0 SecureTransport zlib/1.2.5
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz UnixSockets
編輯:HTTPie(https://github.com/ndzou/httpie-negotiate)顯示類似的行爲。它在第一次服務器響應後停止。 服務器是否返回帶有401響應的內容而不僅僅是頭文件?
GET/HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate Connection: keep-alive Host: 192.168.1.6:8080 User-Agent: HTTPie/0.9.2 HTTP/1.1 401 Unauthorized Content-Length: 209 Content-Type: application/json; charset=UTF-8 WWW-Authenticate: Negotiate { "error": { "header": { "WWW-Authenticate": "Negotiate" }, "reason": null, "root_cause": [ { "header": { "WWW-Authenticate": "Negotiate" }, "reason": null, "type": "xxx" } ], "type": "xxx" }, "status": 401 }
我怎樣才能使捲曲得到工作,並使用正確的機甲?
什麼GSS-API實現您使用?顯示'ldd curl'。 –
(在mac上沒有ldd) - >「otool -L/usr/bin/curl」master /usr/bin/curl: \t /usr/lib/libcurl.4.dylib(兼容性版本7.0.0,當前版本8.0.0) \t /usr/lib/libz.1.dylib(兼容版本1.0.0,當前版本1.2.5) \t /usr/lib/libSystem.B.dylib(兼容版本1.0.0,當前版本1213.0.0) – salyh
現在有一個問題。從輸出中我看不到使用什麼GSS-API實現。請運行'krb5-config --version'並顯示結果。 –