Using GSSAPI to Authenticate to AD

neelsmail@rediffmail.com neelsmail at rediffmail.com
Wed Aug 27 04:53:46 EDT 2008


Hi,

I want to authenticate an Active Directory User using GSSAPI. The code
would be in C++. To be specific here is the scenario:

1] End user adopts/creates one or more Active Directory users using
any of the AD integration packages on Linux.
2] In my executable, which would always be running as root, I find out
that I need to use an AD user and authenticate using GSSAPI.
3] I cannot impersonate the user because that would change the user
context of the whole process.
4] Therefore, I need to somehow find out whether there is already a
ticket for that user available (Win32 SDK: AcquireCredentialsHandle,
GSSAPI: GSSAPI::Name->import?)
5] If not, the process would obtain one.
6] Get the ticket and initialize the security context (Win32SDK:
InitializeSecurityContext, GSSAPI: GSSAPI::Context::init?)
7] Get the token and send it for authentication

If the process is running in the user context which needs to be
authenticated, it's easier and I have a Perl implementation of it. But in
this case, since the process will always be running as root, I don't know
if there is a way I can know/get a ticket for authentication.

Is there a sample/example that can, at least in parts if not
completely, illustrate how this can be done using C/C++ somewhere?

I found one link on MSDN but don't know whether that's the entire flow/
applicable: http://msdn.microsoft.com/en-us/library/ms995352.aspx

Any comments would be welcome.

Thanks in advance,
-Neel.
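
Step 4 of the scenario above (root looking for a user's existing ticket without switching user context), as an added C example that is not part of the original post. It assumes the MIT default FILE cache location `/tmp/krb5cc_<uid>`, which an AD integration package may override; `cc_default_path` and `cc_check` are hypothetical names.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum cc_status { CC_OK = 0, CC_MISSING = -1, CC_UNSAFE = -2, CC_NOT_CCACHE = -3 };

/* Assumption: the user's cache is the MIT default FILE:/tmp/krb5cc_<uid>. */
int cc_default_path(uid_t uid, char *buf, size_t len)
{
    int n = snprintf(buf, len, "/tmp/krb5cc_%lu", (unsigned long)uid);
    return (n > 0 && (size_t)n < len) ? 0 : -1;
}

/* Decide whether a root process may treat `path` as `uid`'s credential cache. */
enum cc_status cc_check(const char *path, uid_t uid)
{
    unsigned char ver[2];
    struct stat st;
    enum cc_status rc = CC_OK;
    /* O_NOFOLLOW rejects a symlink planted in /tmp; O_NONBLOCK avoids hanging on a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return (errno == ENOENT) ? CC_MISSING : CC_UNSAFE;
    /* Must be a regular file owned by the user, with no group/other access. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != uid ||
        (st.st_mode & (S_IRWXG | S_IRWXO)) != 0)
        rc = CC_UNSAFE;
    /* FILE caches start with a two-byte format version, 0x0501 to 0x0504. */
    else if (read(fd, ver, 2) != 2 || ver[0] != 0x05 || ver[1] < 1 || ver[1] > 4)
        rc = CC_NOT_CCACHE;
    close(fd);
    return rc;
}

int main(int argc, char **argv)
{
    char path[64];
    /* getpwnam resolves AD users through whatever NSS module the host uses. */
    struct passwd *pw = (argc == 2) ? getpwnam(argv[1]) : NULL;
    if (pw == NULL || cc_default_path(pw->pw_uid, path, sizeof path) != 0)
        return 2;
    printf("%s: %d\n", path, cc_check(path, pw->pw_uid));
    return 0;
}
```

`CC_OK` only means a well-formed cache file exists and is safe to open; whether it holds an unexpired ticket is still decided by the Kerberos library. With MIT Kerberos, a path that passes can be selected through `gss_krb5_ccache_name()` before `gss_acquire_cred()`.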


