Kinit programatically??
Paul Moore
paul.moore at centrify.com
Mon Jun 23 12:44:21 EDT 2008
U cannot get tgt with GSS
Either
System("kinit ....")
Or
Call Krb5_get_in_tkt_passwd (I think that's the correct name)
-----Original Message-----
From: krbdev-bounces at mit.edu [mailto:krbdev-bounces at mit.edu] On Behalf
Of kul gupta
Sent: Sunday, June 22, 2008 9:51 PM
To: Tadoori (EXT), Vilas
Cc: krbdev at mit.edu; kerberos at mit.edu
Subject: Kinit programatically??
hello
Thanks
I m using MIT kerberose.
I will appreciate if someone can help me how to proceed to ahieve the
"Kinit" programatically.
The user has entered -username and password through stdin.
How can i get the TGT programatically?(using GSS-API) so as to proceed
further .??
On 6/20/08, Tadoori (EXT), Vilas <vilas.tadoori.ext at siemens.com> wrote:
>
> Kul,
>
> I would suggest you to down load the source code of MIT kerberos
>
> http://web.mit.edu/Kerberos/dist/
>
> I would also recommend the following reading for your understanding
> this is more on JAAS which is an security option that includes
> gssapi and also java methods that include java and gssapi examples.
> Here the methods used does not require you to specify the kerberos
mech.
>
>
> http://java.sun.com/javase/6/docs/technotes/guides/security/jgss/lab/p
> art1.html
>
> Mind you they are completly on java but you will come to know how your
> question can be answered. I would suggest you to read and you will
> get your answer.
>
>
> Regards
> V.
>
>
> ------------------------------
> *From:* kul gupta [mailto:kulg123 at gmail.com]
> *Sent:* Friday, June 20, 2008 10:34 AM
> *To:* Tadoori (EXT), Vilas
> *Subject:* Re: Kerberos Digest, Vol 66, Issue 13
>
>
> hello
>
> The Example given in the SUN runs fine.
> But I need to explicitly mention the mechanism name as -Kerberos _v5
> when i m not mentioning the name of the mechanism in the command line,
> its giving error - gss_inquire _credentials
>
> My doubt is - that when i read the file mec.conf ,the mechanism
> specified is Kerberos
>
> Then why it is not taking it automatically.??
>
>
> On 6/19/08, kul gupta <kulg123 at gmail.com> wrote:
>>
>> Hello
>> Thanks a lot for ur valuable time and guidance
>>
>> It helped me
>> The example code there for both client and server is build
>> succesfully now
>>
>> There are some basic doubts.Can u please help me in that.
>>
>> 1) I have a client application ( gss-client code given in SUN example
>> ) and Server application code (gss-server code given in SUN example
>> ). Both are build successfully
>>
>> 2) a) First step should be- that server application should be up to
>> provide the kerborized service.Am i Right??
>> when i run the server application after taking TGT ,some error
>> regarding gss_acquire _cred is coming.??
>> b) I am not getting what should i provide in the service_name on both
>> client and server side??
>> c)When this much is done then only i should proceed with Client
>> application??
>> (Again i need to do kinit and then run the client application so as
>> to connect with the server application???)
>>
>> Can u please brief me the steps as how to proceed with it.
>> It will really help me in clearing my baisc things on GSSAPI
>>
>> Thanks
>> kul
>>
>>
>>
>> On 6/18/08, Tadoori (EXT), Vilas <vilas.tadoori.ext at siemens.com>
wrote:
>>>
>>> Hello Kul,
>>>
>>> I am not sure about the RHEL V5.0. I have modifed the code so that
>>> it runs on the Solaris version.
>>> u need to find out if the gssapi header files are installed at all
>>> on your machine.
>>>
>>> you may find out using the linux command find /usr -name '*gss*'
>>> you are looking for libraries like
>>>
>>> /usr/lib/gss
>>> /usr/lib/gss/gsscred_clean
>>> /usr/lib/gss/gssd
>>> /usr/lib/libgss.so
>>> /usr/include/gssapi
>>> /usr/include/gssapi/gssapi.h
>>> /usr/include/gssapi/gssapi_ext.h
>>> the header files like gssapi_ext.h would be missing in linux because
>>> these are sun specific examples which would run only on a sun o/s
>>>
>>>
>>> Also ensure that u are linking your code with the gss libraries at
>>> run time some thing like the below which is
>>>
>>> if you are using linux(rhel or suse) and c gcc <filename.c> -o <the
>>> output file> -l< the gsslibrary path>
>>>
>>> the syntax for c++ will be diff
>>> g++ <filename.c> -o <the output file> -l< the gsslibrary path>
>>>
>>> In my case in solaris i use the following which is
>>>
>>> cc testc.c -o test -lgss -O
>>>
>>> if you see the libraries is similar to the dir structure as above "
>>> /usr/lib/gss"
>>>
>>> The final thing is how would you load your libraries in the run
time?
>>> you should check the env variable "LD_LIBRARY_PATH"
>>> check the same using echo$LD_LIBRARY_PATH
>>>
>>> If you can see your gssapi libraries set in the path you would not
>>> face any issues compiling the same.
>>>
>>>
>>> I am not sure if I have answered your questions on this.
>>>
>>> Some of the code in the examples have been customised accordingly by
>>> sun...so there is a great possibility that the code might break on
>>> other O/s please read the rfc for gssapi v2 to ensure that you are
>>> using only those functions , structures that are defined there...
the rfc is 2744.
>>>
>>>
>>> thanks
>>> v.
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> ------------------------------
>>> *From:* kul gupta [mailto:kulg123 at gmail.com]
>>> *Sent:* Tuesday, June 17, 2008 9:50 AM
>>> *To:* Tadoori (EXT), Vilas
>>> *Subject:* Re: Kerberos Digest, Vol 66, Issue 13
>>>
>>>
>>> Hello Vilas
>>>
>>> Thanks a lot for ur valuable guidance and time.
>>>
>>> I am using-RedHatEnterprise Linux 5.0 and using Netbeans IDE to
>>> build the code and compiler is gcc ( for the code given in the SUN
>>> example)
>>>
>>> 1)There is AS server which is kerborized.I did the settings for the
>>> kerborized client also.
>>>
>>> 2)After obtaining the TGT (using kinit command from the client
>>> side),how should i proceed using the example given in SUN
>>>
>>> 3)I think mechanism used in GSSAPI by default is kerberos V5. So i
>>> need not specify it explicitly.??
>>> Am i right.
>>>
>>> Can u please help me out in brief the steps i need to do for the
same..
>>> Please let me know to proceed.
>>>
>>> On 6/16/08, Tadoori (EXT), Vilas <vilas.tadoori.ext at siemens.com>
wrote:
>>>>
>>>> Hello kul,
>>>>
>>>> You do not need an cyrus SASL and SASL is a diff framework
altogether.
>>>> All you need is a keberos server for the same.
>>>> It would be really wonderful if you can give some information more
>>>> about your architecture.
>>>> Also it would be helpful if you can tell on which platform are you
>>>> comipiling the Sun examples.
>>>> There are lot many things that we need to find out first before
>>>> answering the question.
>>>>
>>>>
>>>> Regards
>>>> V.
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: kerberos-bounces at mit.edu [mailto:kerberos-bounces at mit.edu] On
>>>> Behalf Of kerberos-request at mit.edu
>>>> Sent: Sunday, June 15, 2008 9:41 PM
>>>> To: kerberos at mit.edu
>>>> Subject: Kerberos Digest, Vol 66, Issue 13
>>>>
>>>> Send Kerberos mailing list submissions to
>>>> kerberos at mit.edu
>>>>
>>>> To subscribe or unsubscribe via the World Wide Web, visit
>>>> https://mailman.mit.edu/mailman/listinfo/kerberos
>>>> or, via email, send a message with subject or body 'help' to
>>>> kerberos-request at mit.edu
>>>>
>>>> You can reach the person managing the list at
>>>> kerberos-owner at mit.edu
>>>>
>>>> When replying, please edit your Subject line so it is more specific
>>>> than
>>>> "Re: Contents of Kerberos digest..."
>>>>
>>>>
>>>> Today's Topics:
>>>>
>>>> 1. help (kul gupta)
>>>>
>>>>
>>>> -------------------------------------------------------------------
>>>> ---
>>>>
>>>> Message: 1
>>>> Date: Sun, 15 Jun 2008 21:18:41 +0530
>>>> From: "kul gupta" <kulg123 at gmail.com>
>>>> Subject: help
>>>> To: kerberos at mit.edu, krbdev at mit.edu
>>>> Message-ID:
>>>>
>>>> <2203f95e0806150848k10973896ie082f11431849df0 at mail.gmail.com>
>>>> Content-Type: text/plain; charset=ISO-8859-1
>>>>
>>>> I am very new to kerborose and GSSAPI I will highly appreciate for
>>>> the guidance for the issues below- I am bit confused about cyrus
>>>> SASL and GSSAPI
>>>>
>>>> I have an authentication server (AS) which is kerborised Client
>>>> gets the TGT using -kinit Now i need to use GSSAPI for
>>>> authentication using GSSAPI
>>>>
>>>> 1) DO i need to have cyrus SASL also ?? or only kerborose will do??
>>>>
>>>> 2) When i tried to run the example provided by SUN , i am getting
>>>> following
>>>> errors-
>>>> gssapi_ext.h- No such file directory gssapi-misc.h-No such file
>>>> directory
>>>>
>>>> I also tried to search these files in my system(Red hat enterprise
>>>> linux 5.0),but these files are not present.
>>>>
>>>> I will be highly thankful if u can help me out for the same .
>>>>
>>>> Regards
>>>> Ruchita
>>>>
>>>>
>>>> ------------------------------
>>>>
>>>> _______________________________________________
>>>> Kerberos mailing list
>>>> Kerberos at mit.edu
>>>> https://mailman.mit.edu/mailman/listinfo/kerberos
>>>>
>>>>
>>>> End of Kerberos Digest, Vol 66, Issue 13
>>>> ****************************************
>>>>
>>>> ________________________________________________
>>>> Kerberos mailing list Kerberos at mit.edu
>>>> https://mailman.mit.edu/mailman/listinfo/kerberos
>>>>
>>>
>>>
>>
>
_______________________________________________
krbdev mailing list krbdev at mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
More information about the Kerberos
mailing list