See PHI1726. This issue requests a way to make Kerberos-authenticated HTTP requests from an arc context.
This is generally a poor fit for the upstream (in particular, I can't actually test it) but the patch is so straightforward that I'm comfortable making the change until some more obvious peril presents itself. This task largely exists to explain why there's going to be a low-level API method on HTTPSFuture with no callers.
In the issue environment, a minimal functional caller only needs access to curl_setopt() to set these options:
curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_GSSNEGOTIATE); curl_setopt($curl, CURLOPT_USERPWD, ":");
Exposing curl_setopt() via an API on HTTPSFuture will support this use case.