Wednesday 19 February 2014

Curl with Kerberos authentication

Quick note on retrieving content using curl from Kerberos authenticated sites (so that I don't have to reread the man page every 6 months to figure it out). Firstly request a valid Kerberos ticket for forwarding:

$ kinit -f

You may need to enter your password to authenticate yourself. Next tell curl to retrieve the URL using GSS-Negotiate authentication (--negotiate) and no username or password (-u : ) as they are not used. Note that curl needs to have been compiled with support for this, check that you see GSS-Negotiate in the features list when doing a curl -V.

$ curl "https://your-secure-url/path/query?param=1&value=2" -u : --negotiate

This will return the requested page and print it to console Doing the same thing in Python (with pycurl - 'pip install pycurl'):

import pycurl

curl = pycurl.Curl()
curl.setopt(pycurl.HTTPAUTH, pycurl.HTTPAUTH_GSSNEGOTIATE)
curl.setopt(pycurl.USERPWD, ':')
curl.setopt(pycurl.URL, 'https://your-secure-url/path/query?param=1&value=2')
curl.perform()
curl.close()

And finally in PHP:

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, "https://your-secure-url/path/query?param=1&value=2");
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_GSSNEGOTIATE);
curl_setopt($ch, CURLOPT_USERPWD, ":");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

$page = curl_exec($ch);
curl_close($ch);