Kerberos, GSSAPI and WS

Massimiliano Masi massimiliano.masi at cern.ch
Thu Sep 28 03:57:40 EDT 2006


Hi, 

I have a problem that, with my knowledge, I'm
not able to solve... I'm hoping for some pointers...

I'm developing a web service. The client of this SOAP
web service is written in Perl and uses GSSAPI.

To prevent replay attacks, I would like to perform
mutual authentication with my server.

Now, the problem is: in this webservice (the client part),
I call GSSAPI_import, and then I start a context with context_init(),
with the GSS_C_MUTUAL_FLAG set and with GSS_C_NO_CHANNEL_BINDINGS. 

First question: what is this flag: GSS_C_NO_CHANNEL_BINDINGS?

Then I send the token to the server via a soap message. 
The server should validate the token and return another token,
for mutual authentication.

At this point, when the SOAP server returns the token,
I have mutual authentication, but the context is destroyed!

And now I have to send another command to the SOAP server (which is,
obviously, stateless), but I no longer have a session key (I cannot use
GSS_wrap, GSS_unwrap). But I have the ticket, valid for the
duration of the TGT.

Second question: how can I reuse this token?

Thanks a lot, 



-- 
Massimiliano Masi

http://www.comunidelchianti.it/~max


