How to get Kerberos token for proxy authentication

Ken Hornstein kenh at cmf.nrl.navy.mil
Tue Jun 4 12:43:57 EDT 2024


> Hi again, I am looking at the implementing this (getting Kerberos
>service token) in C using Heimdal Kerberos library.  In Golang using
>this go package https://github.com/alexbrainman/sspi it was simply two
>calls as below:
>
>cred=negotiate.AcquireCurrentCredentials()token =
>negotiate.NewClientContext(cred, spn) However it looks bit complex in C
>using MIT/Heimdal library. I am looking at this example mentioned in the
>RFC herehttps://datatracker.ietf.org/doc/html/rfc7546.html#section-5.1
>Just checking if someone has done a similar thing and I am on the right
>track. Thank you.

I think you're comparing apples and oranges a bit there; those two calls
you mention (which from my look at that Golang library really only end
up as one SSPI call) are only a small part of the overall authentication
flow.  The code in that RFC you reference is a mostly-complete GSSAPI
application which includes a full loop and interprocess communication.

I'm going to repeat what I said last time: look at the libcurl source
code which already does this.

--Ken


More information about the Kerberos mailing list