How to use gssapi between a java client and a C server?
Michael B Allen
mba2000 at ioplex.com
Tue Sep 26 11:46:30 EDT 2006
On Tue, 26 Sep 2006 22:11:37 +0800
"lizhong" <lizhong at ncic.ac.cn> wrote:
> You can see that the "token" in jdk and C lib in linux are a little different.The msg sent by the java client is like this:
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> | token.length(4Bytes) | token("token.length" bytes) |
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> But the C server receives msgs in this form:
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> | flags(1Byte) | token->length(4bytes) | token("token->length" bytes) |
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> I can change the code of C server to meet the form of the token generated by java, but I don't know how are the tokens generated by java. The "token" of java implements obviously includes the "flag" value, and the "flag" value is not a part of token in C implements.
> Could someone help me with this ? Thank you !
GSSAPI does not define how tokens are exchanged between the client and
server. GSSAPI only specifies that a token emitted by initSecContext
will be suitable for consumption by an acceptSecContext routine and
any token emitted by acceptSecContext will be adequate for passing to
initSecContext.
In short, add a 1 byte flags field and make sure the length field is
encoded using the same endianess. Then it will work.
Mike
--
Michael B Allen
PHP Active Directory SSO
http://www.ioplex.com/
More information about the Kerberos
mailing list