Bug 126477 - GSSAPI authentication support for wget
Product: Fedora
Classification: Fedora
Component: wget
All Linux
medium Severity medium
Assigned To: Karsten Hopp
Keywords: FutureFeature, Patch
Reported: 2004-06-22 05:05 EDT by Felipe Alfaro Solana
Modified: 2007-11-30 17:10 EST (History)
Doc Type: Enhancement
Last Closed: 2005-09-08 09:20:26 EDT

Attachments
GSSAPI authentication support for wget (18.81 KB, patch)
2004-06-22 05:07 EDT, Felipe Alfaro Solana
Description Felipe Alfaro Solana 2004-06-22 05:05:20 EDT
This report includes a patch to extend wget functionality so GSSAPI
authentication can be negotiated between the wget FTP client and the
remote FTP server, allowing for non-anonymous, password-less,
authenticated sessions by virtue of a Kerberos V KDC.

The reason for the creation of this patch is that I have always missed
the GSSAPI authentication mechanism found in /usr/kerberos/bin/ftp
command line client, included in krb5-workstation, so I decided to
implement it for wget.

This patch can be further enhanced to support private (i.e. encrypted)
sessions using GSSAPI supplied functionality. The FTP command-line
tool from krb5-workstation already allows this by using the "-x"
switch. This should be easy to implement as the major infrastructure
is already in place with this patch (only minor additions are
required, which I'm currently working on).

The only change in behavior is that, before performing an anonymous
plain-text login, the AUTH GSSAPI command is sent to the remote FTP
server first. If the remote FTP server supports GSSAPI
authentication, via the ADAT command, GSSAPI authentication will be
negotiated between the wget client and the remote FTP server.

I'm currently using a modified wget 1.9.1 plus this patch and I'm
enjoying ticket-based GSSAPI authentication against my FTP server, so
I can download files from my remote home directory (accessible via the
FTP server supplied with krb5-server) without using plain-text based

Please feel free to use and review this patch, or even include it
in future releases of wget. I have used code from
krb5-workstation to implement the GSSAPI authentication for wget.
There will probably be many bugs. I have tested it against the FTP
server available in Fedora Core 2 krb5-server package, and two remote
servers: HEANET.ie and Rediris.es (neither of them supports GSSAPI
authentication, by the way).

NOTE: I also sent this patch upstream to the maintainer, at
wget-patches@sunsite.dk, but since I haven't heard from them, I thought
this patch could be considered for inclusion in Fedora Core 3.
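
The negotiation order described in the report above (AUTH GSSAPI first, then ADAT, otherwise the anonymous login), as an added example that is not taken from the attached patch or from wget. Reply codes follow RFC 2228; the function and enum names are hypothetical, and aborting instead of falling back once ADAT has started is this example's own policy.

```c
#include <stdio.h>
#include <string.h>

/* Next client action after a server reply (names are hypothetical). */
enum next_step { SEND_ADAT, CONTINUE_ADAT, AUTH_DONE, FALLBACK_LOGIN, ABORT };

/* Parse the three-digit code that starts a reply line; -1 if malformed. */
static int reply_code(const char *line)
{
    if (strlen(line) < 3) return -1;
    for (int i = 0; i < 3; i++)
        if (line[i] < '0' || line[i] > '9') return -1;
    return (line[0] - '0') * 100 + (line[1] - '0') * 10 + (line[2] - '0');
}

/* Base64 security token carried as "ADAT=..." in a 235/335 reply, or NULL. */
const char *adat_token(const char *line)
{
    const char *p = strstr(line, "ADAT=");
    return p ? p + 5 : NULL;
}

/* sent_adat: 0 after "AUTH GSSAPI" was sent, 1 after "ADAT <token>". */
enum next_step gss_next_step(int sent_adat, const char *line)
{
    int code = reply_code(line);
    if (code < 0) return ABORT;
    if (!sent_adat) {
        if (code == 334) return SEND_ADAT;          /* mechanism accepted */
        if (code == 234) return AUTH_DONE;          /* no security data needed */
        if (code / 100 == 5) return FALLBACK_LOGIN; /* AUTH/GSSAPI unsupported */
        return ABORT;                               /* 4xx: do not guess */
    }
    if (code == 335) return adat_token(line) ? CONTINUE_ADAT : ABORT;
    if (code == 235) return AUTH_DONE;              /* context established */
    return ABORT; /* assumption: no silent downgrade after GSSAPI started */
}

int main(void)
{
    /* Constructed replies, not captured from a real server. */
    const char *ok = "334 Using authentication type GSSAPI; ADAT must follow";
    const char *no = "500 'AUTH GSSAPI': command not understood";
    printf("%d %d\n", gss_next_step(0, ok), gss_next_step(0, no));
    return 0;
}
```
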
Comment 1 Felipe Alfaro Solana 2004-06-22 05:07:10 EDT
Created attachment 101323 [details]
GSSAPI authentication support for wget
Comment 2 Karsten Hopp 2005-09-08 09:20:26 EDT
This really needs to be included upstream. I won't maintain a gssapi patch for
all upcoming wget versions. Please contact wget@sunsite.dk for inclusion.
