How to use gssapi between a java client and a C server?

lizhong lizhong at ncic.ac.cn
Wed Sep 27 02:33:57 EDT 2006 

 The message sent by the java code is like this:
   ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
   |  token.length(4Bytes)           |   token("token.length" bytes)                                                     |
   ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++  
 And the C server receives messages like this:
    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    |  flags(1Byte)                        |  token->length(4bytes)       |                  token("token->length" bytes)                     |    
    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 Are the "token" field encoded in the same way? The tokens used in establishing context are generated by functions offered by gssapi, and is every bite the same in java gssapi and C gssapi when establishing the context? 
 Thank you so much !

 ----- Original Message ----- 
 From: "Michael B Allen" <mba2000 at ioplex.com>
 To: "lizhong" <lizhong at ncic.ac.cn>
 Cc: <kerberos at mit.edu>
 Sent: Tuesday, September 26, 2006 11:46 PM
 Subject: Re: How to use gssapi between a java client and a C server?
 
> On Tue, 26 Sep 2006 22:11:37 +0800
> "lizhong" <lizhong at ncic.ac.cn> wrote:>> 
>     You can see that the "token" in jdk and C lib in linux are a little different.The msg sent by the java client is like this:
>     ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>     |  token.length(4Bytes)   |   token("token.length" bytes)      |
>     ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++    
>     But the C server receives msgs in this form:
>     +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>     |  flags(1Byte)  |  token->length(4bytes)  |  token("token->length" bytes)  |    
>     +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>     I can change the code of C server to meet the form of the token generated by java, but I don't know how are the tokens generated by java. The "token" of java implements obviously includes the "flag" value, and the "flag" value is not a part of token in C implements. 
>     Could someone help me with this ? Thank you !
> 
> GSSAPI does not define how tokens are exchanged between the client and
> server. GSSAPI only specifies that a token emitted by initSecContext
> will be suitable for consumption by an acceptSecContext routine and
> any token emitted by acceptSecContext will be adequate for passing to
> initSecContext.
> 
> In short, add a 1 byte flags field and make sure the length field is
> encoded using the same endianess. Then it will work.
> 
> Mike
> 
> -- 
> Michael B Allen
> PHP Active Directory SSO
> http://www.ioplex.com/
>

More information about the Kerberos mailing list