I am trying to connect to a secure SPNEGO website using curl (on Mac OS X 10.10 with deferred curl)
$ curl -vv --negotiate -u: http: //xxx-MacBook-Pro.local: 8080
* Rebuilt URL to: http: //xxx-MacBook-Pro.local: 8080 /
* Trying 192.168.1.6 ...
* Connected to xxx-MacBook-Pro.local (192.168.1.6) port 8080 (# 0)
> GET / HTTP / 1.1
> Host: xxx-macbook-pro.local: 8080
> User-Agent: curl / 7.43.0
> Accept: * / *
>
<HTTP / 1.1 401 Unauthorized
* gss_init_sec_context () failed:: unknown mech-code 0 for mech unknown
<WWW-Authenticate: Negotiate
<Content-Type: application / json; charset = utf-8
<Content-Length: 303
<
* Connection # 0 to host xxx-macbook-pro.local left intact
It seems that the problem "gss_init_sec_context () failed :: unknown mech code 0 for mech unknown". Does curl look like compiled with SPNEGO / GSS correctly?
curl 7.43.0 (x86_64-apple-darwin14.0) libcurl/7.43.0 SecureTransport zlib/1.2.5
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz UnixSockets
EDIT: HTTPie ( https://github.com/ndzou/httpie-negotiate ) shows similar behavior. It stops after the first server response. Does it matter that the server returns content with a 401 response, and not just headers?
GET / HTTP / 1.1
Accept: * / *
Accept-Encoding: gzip, deflate
Connection: keep-alive
Host: 192.168.1.6:8080
User-Agent: HTTPie / 0.9.2
HTTP / 1.1 401 Unauthorized
Content-Length: 209
Content-Type: application / json; charset = utf-8
WWW-Authenticate: Negotiate
{
"error": {
"header": {
"WWW-Authenticate": "Negotiate"
},
"reason": null,
"root_cause": [
{
"header": {
"WWW-Authenticate": "Negotiate"
},
"reason": null,
"type": "xxx"
}
],
"type": "xxx"
},
"status": 401
}
, ?