Kinit programatically??

Paul Moore paul.moore at centrify.com
Mon Jun 23 12:44:21 EDT 2008


U cannot get tgt with GSS

Either

System("kinit ....")

Or

Call Krb5_get_in_tkt_passwd (I think that's the correct name) 

-----Original Message-----
From: krbdev-bounces at mit.edu [mailto:krbdev-bounces at mit.edu] On Behalf
Of kul gupta
Sent: Sunday, June 22, 2008 9:51 PM
To: Tadoori (EXT), Vilas
Cc: krbdev at mit.edu; kerberos at mit.edu
Subject: Kinit programatically??

hello
Thanks
I m using MIT kerberose.
I will appreciate if someone can help me how to proceed to ahieve the
"Kinit" programatically.


The user has entered -username and password through stdin.
How can i get the TGT programatically?(using GSS-API) so as to proceed
further .??


On 6/20/08, Tadoori (EXT), Vilas <vilas.tadoori.ext at siemens.com> wrote:
>
>  Kul,
>
> I would suggest you to down load the source code of MIT kerberos
>
> http://web.mit.edu/Kerberos/dist/
>
> I would also recommend the following reading for your understanding 
> this is more on JAAS  which is an security option  that includes 
> gssapi and also java methods that include java and gssapi examples.
> Here the methods used does not require you to specify the kerberos
mech.
>
>
> http://java.sun.com/javase/6/docs/technotes/guides/security/jgss/lab/p
> art1.html
>
> Mind you they are completly on java but you will come to know how your

> question can be answered.  I would suggest you to read and you will 
> get your answer.
>
>
> Regards
> V.
>
>
>  ------------------------------
> *From:* kul gupta [mailto:kulg123 at gmail.com]
> *Sent:* Friday, June 20, 2008 10:34 AM
> *To:* Tadoori (EXT), Vilas
> *Subject:* Re: Kerberos Digest, Vol 66, Issue 13
>
>
>  hello
>
> The Example   given in the SUN runs fine.
> But I need to explicitly mention the mechanism name as -Kerberos _v5 
> when i m not mentioning the name of the mechanism in the command line,

> its giving error - gss_inquire _credentials
>
> My doubt is - that when i read the  file mec.conf ,the mechanism 
> specified is Kerberos
>
> Then why it is not taking it automatically.??
>
>
> On 6/19/08, kul gupta <kulg123 at gmail.com> wrote:
>>
>> Hello
>> Thanks a  lot for ur valuable time and guidance
>>
>> It helped me
>> The example code there  for both client and server is build 
>> succesfully now
>>
>> There are some basic doubts.Can u please help me in that.
>>
>> 1) I have a client application ( gss-client code given in SUN example

>> ) and Server application code (gss-server code given in SUN example 
>> ). Both are build successfully
>>
>> 2)   a) First step should be- that server application should be up to
>> provide the kerborized  service.Am i Right??
>> when i run the server application after taking TGT ,some error 
>> regarding gss_acquire _cred is coming.??
>> b) I am not getting what should i provide in the service_name on both

>> client and server side??
>> c)When this much is done then only i should proceed with Client 
>> application??
>> (Again i need to do kinit and then run the client application so as 
>> to connect with the server application???)
>>
>> Can u please brief me the steps as how to proceed with it.
>> It will really help me in clearing my baisc things on GSSAPI
>>
>> Thanks
>> kul
>>
>>
>>
>> On 6/18/08, Tadoori (EXT), Vilas <vilas.tadoori.ext at siemens.com>
wrote:
>>>
>>>  Hello Kul,
>>>
>>> I am not sure about the RHEL V5.0. I have modifed the code so that 
>>> it runs on the Solaris version.
>>> u need to find out if the gssapi header files are installed at all 
>>> on your machine.
>>>
>>> you may find out using the linux command find /usr -name '*gss*'
>>> you are looking for libraries like
>>>
>>> /usr/lib/gss
>>> /usr/lib/gss/gsscred_clean
>>> /usr/lib/gss/gssd
>>> /usr/lib/libgss.so
>>> /usr/include/gssapi
>>> /usr/include/gssapi/gssapi.h
>>> /usr/include/gssapi/gssapi_ext.h
>>> the header files like gssapi_ext.h would be missing in linux because

>>> these are sun specific examples which would run only on a sun o/s
>>>
>>>
>>> Also ensure that u are linking your code with the gss libraries at 
>>> run time some thing like the below  which is
>>>
>>> if you are using linux(rhel or suse) and c gcc <filename.c> -o <the 
>>> output file> -l< the gsslibrary path>
>>>
>>> the syntax for c++ will be diff
>>> g++ <filename.c> -o <the output file> -l< the gsslibrary path>
>>>
>>> In my case in solaris i use the following which is
>>>
>>> cc testc.c -o test -lgss -O
>>>
>>> if you see the libraries is similar to the dir structure  as above "
>>> /usr/lib/gss"
>>>
>>> The final thing is how would you load your libraries in the run
time?
>>> you should check the env variable "LD_LIBRARY_PATH"
>>> check the same using echo$LD_LIBRARY_PATH
>>>
>>> If you can see your gssapi libraries set in the path you would not 
>>> face any issues compiling the same.
>>>
>>>
>>> I am not sure if I have answered your questions on this.
>>>
>>> Some of the code in the examples have been customised accordingly by

>>> sun...so there is a great possibility that the code might break on 
>>> other O/s please read the rfc for gssapi v2  to ensure that you are 
>>> using only those functions , structures that are defined there...
the rfc is 2744.
>>>
>>>
>>> thanks
>>> v.
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>  ------------------------------
>>> *From:* kul gupta [mailto:kulg123 at gmail.com]
>>> *Sent:* Tuesday, June 17, 2008 9:50 AM
>>> *To:* Tadoori (EXT), Vilas
>>> *Subject:* Re: Kerberos Digest, Vol 66, Issue 13
>>>
>>>
>>>  Hello Vilas
>>>
>>> Thanks a lot for ur valuable guidance and time.
>>>
>>> I am using-RedHatEnterprise Linux 5.0 and using Netbeans IDE to 
>>> build the code and compiler is gcc ( for the code given in the SUN 
>>> example)
>>>
>>> 1)There is AS server which is kerborized.I did the settings for the 
>>> kerborized client also.
>>>
>>> 2)After obtaining the TGT (using kinit command from the client 
>>> side),how should i proceed using the example given in SUN
>>>
>>> 3)I think mechanism used in GSSAPI by default is kerberos V5. So i 
>>> need not specify it explicitly.??
>>> Am i right.
>>>
>>> Can u please help me out in brief the steps i need to do for the
same..
>>> Please let me know to proceed.
>>>
>>> On 6/16/08, Tadoori (EXT), Vilas <vilas.tadoori.ext at siemens.com>
wrote:
>>>>
>>>> Hello kul,
>>>>
>>>> You do not need an cyrus SASL and SASL is a diff framework
altogether.
>>>> All you need is a keberos server for the same.
>>>> It would be really wonderful if you can give some information more 
>>>> about your architecture.
>>>> Also it would be helpful if you can tell on which platform are you 
>>>> comipiling the Sun examples.
>>>> There are lot many things that we need to find out first before 
>>>> answering the question.
>>>>
>>>>
>>>> Regards
>>>> V.
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: kerberos-bounces at mit.edu [mailto:kerberos-bounces at mit.edu] On

>>>> Behalf Of kerberos-request at mit.edu
>>>> Sent: Sunday, June 15, 2008 9:41 PM
>>>> To: kerberos at mit.edu
>>>> Subject: Kerberos Digest, Vol 66, Issue 13
>>>>
>>>> Send Kerberos mailing list submissions to
>>>>        kerberos at mit.edu
>>>>
>>>> To subscribe or unsubscribe via the World Wide Web, visit
>>>>        https://mailman.mit.edu/mailman/listinfo/kerberos
>>>> or, via email, send a message with subject or body 'help' to
>>>>        kerberos-request at mit.edu
>>>>
>>>> You can reach the person managing the list at
>>>>        kerberos-owner at mit.edu
>>>>
>>>> When replying, please edit your Subject line so it is more specific

>>>> than
>>>> "Re: Contents of Kerberos digest..."
>>>>
>>>>
>>>> Today's Topics:
>>>>
>>>>   1. help (kul gupta)
>>>>
>>>>
>>>> -------------------------------------------------------------------
>>>> ---
>>>>
>>>> Message: 1
>>>> Date: Sun, 15 Jun 2008 21:18:41 +0530
>>>> From: "kul gupta" <kulg123 at gmail.com>
>>>> Subject: help
>>>> To: kerberos at mit.edu, krbdev at mit.edu
>>>> Message-ID:
>>>>        
>>>> <2203f95e0806150848k10973896ie082f11431849df0 at mail.gmail.com>
>>>> Content-Type: text/plain; charset=ISO-8859-1
>>>>
>>>> I am very new to kerborose and GSSAPI I will highly appreciate for 
>>>> the guidance for the issues below- I am bit confused about cyrus 
>>>> SASL and GSSAPI
>>>>
>>>> I have an authentication server (AS) which is kerborised Client 
>>>> gets the TGT using -kinit Now i need to use GSSAPI for 
>>>> authentication using GSSAPI
>>>>
>>>> 1) DO i need to have cyrus SASL also ?? or only kerborose will do??
>>>>
>>>> 2) When i tried to run the example provided by SUN , i am getting 
>>>> following
>>>> errors-
>>>> gssapi_ext.h- No such file directory gssapi-misc.h-No such file 
>>>> directory
>>>>
>>>> I also tried to search these files in my system(Red hat enterprise 
>>>> linux 5.0),but these files are not present.
>>>>
>>>> I will be highly thankful if u can help me out for the same .
>>>>
>>>> Regards
>>>> Ruchita
>>>>
>>>>
>>>> ------------------------------
>>>>
>>>> _______________________________________________
>>>> Kerberos mailing list
>>>> Kerberos at mit.edu
>>>> https://mailman.mit.edu/mailman/listinfo/kerberos
>>>>
>>>>
>>>> End of Kerberos Digest, Vol 66, Issue 13
>>>> ****************************************
>>>>
>>>> ________________________________________________
>>>> Kerberos mailing list           Kerberos at mit.edu
>>>> https://mailman.mit.edu/mailman/listinfo/kerberos
>>>>
>>>
>>>
>>
>
_______________________________________________
krbdev mailing list             krbdev at mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev




More information about the Kerberos mailing list