FW: Documentation__GSSAPI mechanism interface

Binder, Dale dale.binder at bankofamerica.com
Wed Oct 7 15:59:54 EDT 2015 

Please assist.

See below.

-----Original Message-----
From: Tom Yu [mailto:tlyu at mit.edu] 
Sent: Wednesday, October 07, 2015 2:31 PM
To: Binder, Dale
Subject: Re: Documentation__GSSAPI mechanism interface

Hi Dale,

You have sent mail to a bug-reporting address.  It seems that you aren't reporting a specific bug.  For the sort of question that you're asking, I suggest using the kerberos at mit.edu mailing list, which is a community-based support resource.

Thanks,
-Tom

"Binder, Dale" <dale.binder at bankofamerica.com> writes:

> I need support using MIT's Kerberos implementation with a C# .net web client (VS 2013).  MS Premier Support says it's not doable unless I have some .NET implementation that calls the GSSAPI directly.
>
> See below:
>
>
> From: Frank Kim [mailto:Frank.Kim at microsoft.com]
> Sent: Monday, October 05, 2015 7:36 PM
> To: Binder, Dale
> Cc: MSSolve Case Email; Jeff Lambert
> Subject: [REG:115100513230017] how to create Kerberos token by using a local KDC C:\Users\nbkvw7l\KerberosCacheFile\krb5cache server.
>
> Hi Dale,
>
> It was a pleasure speaking with you on the phone today in regards to your issue with MIT Kerberos.
>
> The key issue here is that SSPI which is internally used by IE and .NET only recognizes Windows Kerberos Tickets.  It doesn't know anything about MIT Kerberos tickets.  In order to interface with these tickets, you have to use the GSS APIs.  An example of a product using these APIs is Firefox.  As you have mentioned if you set Network.auth.use-sspi to FALSE (http://kb.mozillazine.org/Network.auth.use-sspi ), it tells Firefox to use the GSS APIs instead of SSPI.
>
> Your only options is to find a .NET class which uses the GSS APIs and implements the same classes as the Web Client classes or you would need to directly call the GSS APIs yourself via pinvoke to interface with the web server directly and build the HTTP packets yourself.
>
> Please let me know if you have any questions or comments.
>
> thanks
>
> Frank Kim (frank.kim at microsoft.com<mailto:frank.kim at microsoft.com>)
> Sr. Escalation Engineer
> Developer Tools - Windows SDK
>
> +1 (425) 538 0692
> Typical Hours - 8:30 - 17:30
> (UTC-08:00) Pacific Standard Time (US & Canada) Meeting and exceeding 
> your expectations are my top priorities.  We are interested in any 
> feedback you might have about the service you received on this 
> incident.  Please let my manager, John Hornick, know what you think of 
> the level of service provided; email 
> John.Hornick at microsoft.com<mailto:John.Hornick at microsoft.com>, or even 
> call 425-538-0721
>
>
> Dale Binder
> Develop and Manage
> Cyber Security Technology
> Global Information Security
>
> Bank of America
> 40 N Main Street
> Dayton, OH 45423
> 937.938.1138 (work)
> 937.438.3507 (cell)
> [cid:image001.jpg at 01CC42B3.9D534100]
>
> ----------------------------------------------------------------------
> This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer.   If you are not the intended recipient, please delete this message.

----------------------------------------------------------------------
This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer.   If you are not the intended recipient, please delete this message.

More information about the Kerberos mailing list