How to acquire a ticket from TGT

Ziangi Jones ziangij at
Fri Mar 3 03:47:18 EST 2006

I have a destop application and have to implement single sign-on for it.
*To implement the above mammoth task, I m doing the following:*

(I m using sample code SSPI from microsoft sdk as my base)

   1. Created a service (on say, machine 1) which continuously listens
   for client connections.
   2. Created a dll which calls this service.
   3. Before launching my application, dll contacts the service and if
   the credentials of the user are correct (i.e. if the user exists in
   active directory), launch the application. (both dll & application are on
   machine 2.)
   4. If the credentials are correct, then using kerbtray i find that i
   have got ticket bearing the user name through which i had tried to connect
   to the service.

Basically, i m doing authentication EVERYTIME i try to launch the
application which defeats the whole purpose of kerberos. somebody told me
that i should use ticket instead, i.e. i will have to acquire a ticket of
the service from TGT.
Please let me know how to go about it.
Thank you.

More information about the Kerberos mailing list