Bug 126477 - GSSAPI authentication support for wget
Summary: GSSAPI authentication support for wget
Alias: None
Product: Fedora
Classification: Fedora
Component: wget (Show other bugs)
(Show other bugs)
Version: rawhide
Hardware: All Linux
Target Milestone: ---
Assignee: Karsten Hopp
QA Contact:
Keywords: FutureFeature, Patch
Depends On:
TreeView+ depends on / blocked
Reported: 2004-06-22 09:05 UTC by Felipe Alfaro Solana
Modified: 2007-11-30 22:10 UTC (History)
0 users

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-09-08 13:20:26 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
GSSAPI authentication support for wget (18.81 KB, patch)
2004-06-22 09:07 UTC, Felipe Alfaro Solana
no flags Details | Diff

Description Felipe Alfaro Solana 2004-06-22 09:05:20 UTC
This report includes a patch to extend wget functionality so GSSAPI
authentication can be negotiated between the wget FTP client and the
remote FTP server, allowing for non-anonymous, password-less,
authenticated sessions by virtue of a Kerberos V KDC.

The reason for the creation of this patch is that I have always missed
the GSSAPI authenticaion mechanism found in /usr/kerberos/bin/ftp
command line client, included in krb5-workstation, so I decided to
implement it for wget.

This patch can be further enhanced to support private (i.e. encrypted)
sessions using GSSAPI supplied functionality. The FTP command-line
tool from krb5-workstation already allows this by using the "-x"
switch. This should be easy to implement as the major infraestructure
is already in place with this patch (only minor additions are
required, which I'm currently working on).

The only change in behavior is that, before performing an anonymous
plain-text login, the AUTH GSSAPI command is sent to the remote FTP
server in first place. If the remote FTP server supports GSSAPI
authentication, via the ADAT command, GSSAPI authentication will be
negotiated between the wget client and the remote FTP server.

I'm currently using a modified wget 1.9.1 plus this patch and I'm
enjoying ticket-based GSSAPI authentication against my FTP server, so
I can download files from my remote home directory (accessible via the
FTP server supplied with krb5-server) without using plain-text based

Please, feel free to use and review this patch, or even including it
into future releases of wget. I have used code from
krb5-workstation to implement the GSSAPI authentication for wget.
There will be probably many bugs. I have tested it against the FTP
server available in Fedora Core 2 krb5-server package, and two remote
servers: HEANET.ie and Rediris.es (neither of them do support GSSAPI
authentication, by the way).

NOTE: I also sent this patch upstream to the mantainer, at
wget-patches@sunsite.dk, but since I haven't heard from them, I though
this patch could be considered for inclusion in Fedora Core 3.

Comment 1 Felipe Alfaro Solana 2004-06-22 09:07:10 UTC
Created attachment 101323 [details]
GSSAPI authentication support for wget

Comment 2 Karsten Hopp 2005-09-08 13:20:26 UTC
This really needs to be included upstream. I won't maintain a gssapi patch for
all upcoming wget versions. Please contact wget@sunsite.dk for inclusion.

Note You need to log in before you can comment on or make changes to this bug.