Help required in using kerberos in our project

Anshuman Hazarika anshuman_hazarika at yahoo.co.uk
Fri May 16 05:27:18 EDT 2008


   Hi Mike,

   Thanks for the information. It would be really helpful.

   Anshuman Hazarika
   Mobile 9821434383
   Vipassana can change u'r   [1]
   --- On Thu, 15/5/08, Michael B Allen wrote:
     From: Michael B Allen <ioplex at gmail.com>
     Cc: Kerberos at mit.edu, amit.pawar at ftindia.com

On Thu, May 15, 2008 at 2:11 AM, Anshuman Hazarika
<anshuman_hazarika at yahoo.co.uk> wrote:
> Hi ,
>
> We are developing a product called as Zeus. In this
> product we need our users to be authorised using
> kerberos.
>
> We would like to know how to proceed with the
> development of this module.
>
> We have the user information, like the user name and
> password, stored in ldap.
>
> What we understand as of now is that we need to
> download and install the mit kerberos server. After
> that do we have to develop a kerberos client which
> talks to the kerberos server? If so how do we go about
> it? Are there APIs available?

Look into something called "GSSAPI". It is a general purpose API for
exchanging authentication tokens of different types (including
Kerberos) in an application specific way. There are GSSAPI libraries
for Java (JGSS) and for C (shipped with MIT and Heimdal
distributions). On Windows you have SSPI which is mostly compatible
with GSSAPI (SSPI tokens can be consumed by GSSAPI and GSSAPI tokens
can be consumed by SSPI).

> Can the utilities like kinit be used to develop the
> client which would take the username and password to
> be authorized using kerberos?

Kerberos clients usually already have a credential cache
infrastructure. Kinit is just one program that can populate your
credential cache with a Kerberos ticket given a username and password.
Windows clients get a ticket and put it in a kernel based credential
cache when you log in the first time (e.g. using Ctrl-Alt-Del).

Most Kerberos client and server programs use entirely GSSAPI to handle
authentication. The KDC (MIT, Heimdal, Active Directory, ...) should
already be set up and running in the target environment.

Mike

-- 
Michael B Allen
PHP Active Directory SPNEGO SSO
http://www.ioplex.com/

References

   1. http://www.dhamma.org/
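
The GSSAPI token exchange described in the reply above, shown with Java's JGSS as an added example (not code from either poster or from the MIT distribution). It assumes a reachable KDC, a ticket already in the credential cache (for example from kinit), a keytab on this host for the hypothetical service principal `zeus@app.example.com`, and a JVM started with `-Djavax.security.auth.useSubjectCredsOnly=false`.

```java
import org.ietf.jgss.*;

// Added example: one JVM plays both the client and the service so the token
// hand-off is visible. In a real product the byte[] tokens travel inside the
// application's own protocol; GSSAPI never opens a socket itself.
public class GssKerberosDemo {
    static final String KRB5_MECH_OID = "1.2.840.113554.1.2.2"; // Kerberos 5

    public static void main(String[] args) throws GSSException {
        // Hypothetical service name; pass the real one as the first argument.
        String service = args.length > 0 ? args[0] : "zeus@app.example.com";
        GSSManager mgr = GSSManager.getInstance();
        Oid krb5 = new Oid(KRB5_MECH_OID);

        // Client side: null credential means "use the default one", i.e. the
        // ticket in the credential cache. No password is handled here.
        GSSName target = mgr.createName(service, GSSName.NT_HOSTBASED_SERVICE);
        GSSContext client = mgr.createContext(target, krb5, null,
                                              GSSContext.DEFAULT_LIFETIME);
        client.requestMutualAuth(true);  // the service must prove its identity too
        client.requestCredDeleg(false);  // do not hand the user's ticket to the service

        // Service side: null credential means "use the default acceptor key",
        // which comes from the service keytab.
        GSSContext server = mgr.createContext((GSSCredential) null);

        // Token loop: each side feeds the other's output back in until the
        // client context is established.
        byte[] in = new byte[0];
        while (!client.isEstablished()) {
            byte[] out = client.initSecContext(in, 0, in.length);
            if (out != null && out.length > 0) {
                in = server.acceptSecContext(out, 0, out.length);
                if (in == null) in = new byte[0];
            }
        }

        // Authorise only on a fully established, mutually authenticated context.
        if (!server.isEstablished() || !client.getMutualAuthState()) {
            throw new SecurityException("GSSAPI context not mutually authenticated");
        }
        // The authenticated principal is what the application maps to its own
        // user record (for instance the matching LDAP entry).
        System.out.println("Authenticated client: " + server.getSrcName());

        client.dispose();
        server.dispose();
    }
}
```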



More information about the Kerberos mailing list