IIS, SharePoint, and HTTP::DAV

jmw_90266 has asked for the wisdom of the Perl Monks concerning the following question:

Hi Monks,

I'm trying to use HTTP::DAV (v0.34) to pull files from SharePoint via the webdav interface. I'm running into what I believe are authentication problems (server error 401.2) on a simple open call. I get the same results when running on windows or linux. Our IIS server is configured to use Negotiate (Kerberos) for authentication with NTLM available as a backup. Both Authen::NTLM and LWP::Authen::Negotiate are installed. At this point, the script is pretty simple and follows the example:

#!/usr/bin/perl -w

use strict;
use HTTP::DAV;

my $d = new HTTP::DAV;
my $url = "http://myurl";
my $file = "myfile.xls";
$d->DebugLevel(3);
 
$d->credentials(-realm => "myrealm",-user=>"myusername",-pass =>"mypas
+sword" );
$d->open( -url=>"$url" );
print $d->message . "\n";
[download]

Based on looking at packet captures and the debug data, it seems like the HTTP::DAV module is not passing the specified credentials. It appears that module just stops at receiving the initial unauthorized response from the server instead of continuing with the handshake and choosing an authentication protocol.

Has anyone had any luck with using HTTP::DAV to interface with SharePoint 2007 where Negotiate/NTLM authentication is involved? Is there something obvious that I'm missing? Any ideas?

Thanks in advance for your help.

Comment on IIS, SharePoint, and HTTP::DAV Download Code

Replies are listed 'Best First'.
Re: IIS, SharePoint, and HTTP::DAV by almut (Canon) on Oct 30, 2008 at 20:37 UTC
I've never used that combo myself... but the LWP::Authen::Negotiate docs state "To see what is going on add `use LWP::Debug qw(+);`". So, if the authentication plugin is actually being used (as intended), you should then see some debugging messages... If so, what do they say?	[reply] [d/l]
Re^2: IIS, SharePoint, and HTTP::DAV by jmw_90266 (Acolyte) on Oct 31, 2008 at 18:04 UTC
Thanks almut. I was more focused on the debug from HTTP::DAV vs the underlying LWP::Authen::Negotiate. With LWP debug enabled, I get the following output: LWP::UserAgent::new: () Setting auth details for default, default to myusername,mypassword new_resource: For myurl, creating new resource LWP::UserAgent::request: () LWP::UserAgent::send_request: PROPFIND myurl LWP::Protocol::http::request: () LWP::UserAgent::request: Simple response: Unauthorized LWP::Authen::Negotiate::authenticate: authenticate() version 0.06 call +ed LWP::Authen::Negotiate::authenticate: target hostname myhost LWP::Authen::Negotiate::authenticate: GSSAPI servicename HTTP/myhost@m +ydomain LWP::Authen::Negotiate::authenticate: Miscellaneous failure LWP::Authen::Negotiate::authenticate: No credentials cache found Unauthorized. [download] Based on the debug, it looks like the credentials are not getting passed. At the very least, it gives me another layer to dig into instead of banging my head against the wall with HTTP::DAV...	[reply] [d/l]
Re^2: IIS, SharePoint, and HTTP::DAV by jmw_90266 (Acolyte) on Nov 01, 2008 at 04:52 UTC
Based on more research, this is a linux kerberos system configuration issue (krb5.conf, etc) rather than a perl issue. Still haven't figured it out yet but the problem isn't caused by the perl libraries that are being used.	[reply]