我需要使用CLI PHP脚本向SPNEGO经过身份验证的网站发布一些值。
$ch = curl_init(USERSPACE_MYSQL_SERVICES);
curl_setopt_array($ch, [
CURLOPT_HTTPAUTH => ??, //Set to SPNEGO
CURLOPT_POSTFIELDS => [...]
]);
但是SPNEGO由于某种原因被禁用:
从我的phpinfo中提取:
curl
cURL support => enabled
cURL Information => 7.21.6
Age => 3
Features
AsynchDNS => No
Debug => No
GSS-Negotiate => Yes
IDN => Yes
IPv6 => Yes
Largefile => Yes
NTLM => Yes
SPNEGO => No <---------------
SSL => Yes
SSPI => No
krb4 => No
libz => Yes
CharConv => No
Protocols => dict, file, ftp, ftps, gopher, http, https, imap, imaps, ldap, pop3, pop3s, rtmp, rtsp, smtp, smtps, telnet, tftp
Host => x86_64-pc-linux-gnu
SSL Version => OpenSSL/1.0.0e
ZLib Version => 1.2.3.4
与之通信的Apache服务器设置如下:
AuthType Kerberos
AuthName "Kerberos LAN Realm Login"
KrbAuthRealm LAN
Krb5KeyTab /etc/apache2/auth/apache2.keytab
KrbMethodK5Passwd Off
KrbSaveCredentials On
KrbLocalUserMapping On
通过命令行curl尝试时,它可以正常工作,但我必须输入一个虚拟密码:
curl --negotiate -u user https://example.com
Enter host password for user 'user':
<html>
...
如何为php curl启用SPNEGO以及如何在我的脚本中使用它?
我尝试了以下内容:
curl_setopt_array($ch, [
CURLOPT_RETURNTRANSFER => true,
CURLOPT_HTTPAUTH => CURLAUTH_ANY,
CURLOPT_POSTFIELDS => [...]
]);
$response = curl_exec($ch);
$info = curl_getinfo($ch);
if ($info['http_code'] >= 400)
die("HTTP ERROR {$info['http_code']}");
echo $response;
我得到:HTTP ERROR 401
答案 0 :(得分:1)
看起来您可能需要在configure命令中使用参数“--with-spnego”重新编译curl。
有关configure命令的示例: http://curl.haxx.se/mail/lib-2012-02/0094.html
完整的文档(矫枉过正): http://curl.haxx.se/docs/install.html
答案 1 :(得分:1)
事实证明我不需要使用CURL启用SPNEGO,因为它可以与GSS auth一起使用。就像使用CLI一样,我需要设置CURLOPT_USERPWD而不提供密码:
$username = rtrim(`id -un`, "\n");
curl_setopt_array($ch, [
CURLOPT_RETURNTRANSFER => true,
CURLOPT_HTTPAUTH => CURLAUTH_ANY,
CURLOPT_POSTFIELDS => [...],
CURLOPT_USERPWD => "$username:"
]);
现在它运作得很好。