126477 – GSSAPI authentication support for wget

Bug 126477 - GSSAPI authentication support for wget

Summary: GSSAPI authentication support for wget

Keywords:
Status:	CLOSED UPSTREAM
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	wget
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Karsten Hopp
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2004-06-22 09:05 UTC by Felipe Alfaro Solana
Modified:	2007-11-30 22:10 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2005-09-08 13:20:26 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
GSSAPI authentication support for wget (18.81 KB, patch) 2004-06-22 09:07 UTC, Felipe Alfaro Solana	no flags	Details \| Diff
View All

Description Felipe Alfaro Solana 2004-06-22 09:05:20 UTC

This report includes a patch to extend wget functionality so GSSAPI
authentication can be negotiated between the wget FTP client and the
remote FTP server, allowing for non-anonymous, password-less,
authenticated sessions by virtue of a Kerberos V KDC.

The reason for the creation of this patch is that I have always missed
the GSSAPI authenticaion mechanism found in /usr/kerberos/bin/ftp
command line client, included in krb5-workstation, so I decided to
implement it for wget.

This patch can be further enhanced to support private (i.e. encrypted)
sessions using GSSAPI supplied functionality. The FTP command-line
tool from krb5-workstation already allows this by using the "-x"
switch. This should be easy to implement as the major infraestructure
is already in place with this patch (only minor additions are
required, which I'm currently working on).

The only change in behavior is that, before performing an anonymous
plain-text login, the AUTH GSSAPI command is sent to the remote FTP
server in first place. If the remote FTP server supports GSSAPI
authentication, via the ADAT command, GSSAPI authentication will be
negotiated between the wget client and the remote FTP server.

I'm currently using a modified wget 1.9.1 plus this patch and I'm
enjoying ticket-based GSSAPI authentication against my FTP server, so
I can download files from my remote home directory (accessible via the
FTP server supplied with krb5-server) without using plain-text based
logins.

Please, feel free to use and review this patch, or even including it
into future releases of wget. I have used code from
krb5-workstation to implement the GSSAPI authentication for wget.
There will be probably many bugs. I have tested it against the FTP
server available in Fedora Core 2 krb5-server package, and two remote
servers: HEANET.ie and Rediris.es (neither of them do support GSSAPI
authentication, by the way).

NOTE: I also sent this patch upstream to the mantainer, at
wget-patches, but since I haven't heard from them, I though
this patch could be considered for inclusion in Fedora Core 3.

Comment 1 Felipe Alfaro Solana 2004-06-22 09:07:10 UTC

Created attachment 101323 [details]
GSSAPI authentication support for wget

Comment 2 Karsten Hopp 2005-09-08 13:20:26 UTC

This really needs to be included upstream. I won't maintain a gssapi patch for
all upcoming wget versions. Please contact wget for inclusion.

Note You need to log in before you can comment on or make changes to this bug.