How to enable features for php-curl

https://stackoverflow.com/questions/9996050

28-05-2021
|

Question

I need my CLI PHP script to post some value to a SPNEGO authenticated site.

$ch = curl_init(USERSPACE_MYSQL_SERVICES);

curl_setopt_array($ch, [
    CURLOPT_HTTPAUTH => ??, //Set to SPNEGO
    CURLOPT_POSTFIELDS => [...] 
]);

However SPNEGO is disabled for some reason:

Extract from my phpinfo:

curl

cURL support => enabled
cURL Information => 7.21.6
Age => 3
Features
AsynchDNS => No
Debug => No
GSS-Negotiate => Yes
IDN => Yes
IPv6 => Yes
Largefile => Yes
NTLM => Yes
SPNEGO => No <---------------
SSL => Yes
SSPI => No
krb4 => No
libz => Yes
CharConv => No
Protocols => dict, file, ftp, ftps, gopher, http, https, imap, imaps, ldap, pop3, pop3s, rtmp, rtsp, smtp, smtps, telnet, tftp
Host => x86_64-pc-linux-gnu
SSL Version => OpenSSL/1.0.0e
ZLib Version => 1.2.3.4

The Apache server that it is communicating to is set up as follows:

            AuthType Kerberos
            AuthName "Kerberos LAN Realm Login"
            KrbAuthRealm LAN
            Krb5KeyTab /etc/apache2/auth/apache2.keytab

            KrbMethodK5Passwd Off
            KrbSaveCredentials On
            KrbLocalUserMapping On

When trying it through the command line curl it works, but I have to input a dummy password:

curl --negotiate -u user https://example.com
Enter host password for user 'user':
<html>
...

How can I enable SPNEGO for the php curl and how would I use it in my script?

Update

I have tried the following:

curl_setopt_array($ch, [
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HTTPAUTH => CURLAUTH_ANY,
    CURLOPT_POSTFIELDS => [...]
]);

$response = curl_exec($ch);

$info = curl_getinfo($ch);

if ($info['http_code'] >= 400)
      die("HTTP ERROR {$info['http_code']}");

echo $response;

And I get: HTTP ERROR 401

Solution

It looks like you may need to recompile curl with the argument "--with-spnego" in your configure command.

For an example of a configure command: http://curl.haxx.se/mail/lib-2012-02/0094.html

Full on docs (overkill): http://curl.haxx.se/docs/install.html

OTHER TIPS

Turns out that I do not need SPNEGO enabled with CURL as it works fine with GSS auth. Just like with the CLI I need to set CURLOPT_USERPWD without providing a password:

$username = rtrim(`id -un`, "\n");
curl_setopt_array($ch, [
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HTTPAUTH => CURLAUTH_ANY,
    CURLOPT_POSTFIELDS => [...],
    CURLOPT_USERPWD => "$username:"
]);

Now it works just fine.

Licensed under: CC-BY-SA with attribution

Not affiliated with StackOverflow