Different realms

[Imanuel Greenfeld]

Thank you Robbie.

 

You are right using a script calling curl I managed to send the request and
all ok, but it's horrible idea to call curl from C++ and how will I do it ?
system call ?

 

So, I did this instead so far :-

 

struct SOAP_ENV__Header

{

    struct ns3__Header *ns3__MyHeader;  

};

 

struct ns3__Header

{

    char *Username;    

    char *Password;

};

 

soap * mysoap = soap_new1(SOAP_C_UTFSTRING);  

soap_init(&mysoap);

mysoap.header = (SOAP_ENV__Header *)soap_malloc(&mysoap,
sizeof(SOAP_ENV__Header));

mysoap.header->ns3__MyHeader = (ns3__Header*)malloc(sizeof(ns3__Header));

 

 

/******  I know that hard coding username and password is contrary to
Kerberos but I'm just trying to see if I can pass the authentication.
******/

 

mysoap.header->ns3__MyHeader->Username = (char*)malloc(10 * sizeof(char));

strcpy(mysoap.header->ns3__MyHeader-> Username,  "<username>");


 

mysoap.header->ns3__MyHeader-> Password = (char*)malloc(10 * sizeof(char));

strcpy(mysoap.header->ns3__MyHeader-> Password,  "<password>");

 

const char *endpointURL = "http://...";

value request(mysoap), response(mysoap);   

 

... // now populate the request data to send

request[0] = ...;                

request[1] = ...;                

 

if (json_call(mysoap, endpointURL, request, response))

{

  ... // use response value

}

 

I will change the code to process the keytab and pass Username and Password
credentials as you say, but how does this look ?

 

Any ideas how this can be improved to get through the authentication ?

 

Thank you

 

Imanuel.

              

 

-----Original Message-----
From: Robbie Harwood [mailto:rharwood at redhat.com] 
Sent: 28 January 2018 12:41
To: Imanuel Greenfeld <imanuel.greenfeld1 at ntlworld.com>; kerberos at mit.edu
Cc: 'Simo Sorce' <simo at redhat.com>
Subject: RE: Different realms

 

"Imanuel Greenfeld" < <mailto:imanuel.greenfeld1 at ntlworld.com>
imanuel.greenfeld1 at ntlworld.com> writes:

 

> public void doWithKeytabFile() {

>     KerberosRestTemplate restTemplate =

>             new KerberosRestTemplate("/tmp/user2.keytab",

> " <mailto:user2 at EXAMPLE.ORG> user2 at EXAMPLE.ORG");

>     restTemplate.getForObject(" <http://neo.example.org:8080/hello>
http://neo.example.org:8080/hello",

> String.class);

> }

> 

> As you can see the HTTP request just has one "endpoint" so the keytab 

> needs to be part of it.

> 

> But in C++ I cannot find a way how to achieve the same - in other 

> words, once I have the keytab in the code, and I separately build the 

> HTTP request, how do I incorporate that keytab to that HTTP request ?

 

The keytab isn't part of the request.  The *credential*, which is derived
from the keytab, is part of the request.

 

> I can only change the client code - the server code is not available to
me.

> 

> Once again, I'm trying to find C/C++ good example.

 

You'll most likely need to write it yourself, which is why I linked you the
requests-gssapi version.  I'm not sure anyone's done the client side of this
from C, other than curl [1].  I don't find that easier to read than the
python, but I'm of course biased.

 

Thanks,

--Robbie

 

1:  <https://github.com/curl/curl> https://github.com/curl/curl