0

I'm troubleshooting legacy REST application used by my company (the person responsible for it's implementation is no longer with the firm, and sourcecode is being looked for) and encountered a weird issue, namely providing no auth-data results in 401 (as it should), sending username+password or token results in 403, yet opening url in chrome on my laptop (where I'm logged in to central system) gets the response I expected (file gets downloaded).

Note that all services are supposed to be linked with central AUTHserver for convinience, so my current hypothesis is that different access rights are given depending on auth method used. Is that possible? Is it proper?

I'm not sure how any of this is relevant but:

  1. providing no auth method returns response indicating auth-method as 'negotiate'
  2. providing one of 'standard' auth methods returns 403
  3. using a library that supposedly implements 'negotiate' method to Python's requests (requests-negotiate) returns errors
  4. using PowerShell $client = System.Net.WebClient; $client.Credentials = Get-Credential; client.DownloadFile(url, path) works as intended (file get's downloaded)

I want to be able to download these files from remote server (running linux, so no PowerShell) and not having to download them to my local machine and upload them to my remote workspace.

Any help/suggestions are greatly appreciated.

Maciej Zwoliński
  • 33
  • 4

1 Answers1

0

Apparently the service uses Windows "integrated authentication", ie. NTLM or Kerberos. It's not straightforward to get that working on Linux, but not impossible either. You will have to join the client to the domain and get a Kerberos ticket to authenticate, which is somewhat off-topic here. Look at SPNEGO on Linux, and this question for example has some hints.

Gabor Lengyel
  • 14,129
  • 4
  • 32
  • 59