Kinit programatically??

kul gupta kulg123 at gmail.com
Mon Jun 23 00:51:12 EDT 2008 

hello
Thanks
I m using MIT kerberose.
I will appreciate if someone can help me how to proceed to ahieve the
"Kinit" programatically.


The user has entered -username and password through stdin.
How can i get the TGT programatically?(using GSS-API) so as to proceed
further .??


On 6/20/08, Tadoori (EXT), Vilas <vilas.tadoori.ext at siemens.com> wrote:
>
>  Kul,
>
> I would suggest you to down load the source code of MIT kerberos
>
> http://web.mit.edu/Kerberos/dist/
>
> I would also recommend the following reading for your understanding this is
> more on JAAS  which is an security option  that includes gssapi and also
> java methods that include java and gssapi examples.
> Here the methods used does not require you to specify the kerberos mech.
>
>
> http://java.sun.com/javase/6/docs/technotes/guides/security/jgss/lab/part1.html
>
> Mind you they are completly on java but you will come to know how your
> question can be answered.  I would suggest you to read and you will get your
> answer.
>
>
> Regards
> V.
>
>
>  ------------------------------
> *From:* kul gupta [mailto:kulg123 at gmail.com]
> *Sent:* Friday, June 20, 2008 10:34 AM
> *To:* Tadoori (EXT), Vilas
> *Subject:* Re: Kerberos Digest, Vol 66, Issue 13
>
>
>  hello
>
> The Example   given in the SUN runs fine.
> But I need to explicitly mention the mechanism name as -Kerberos _v5
> when i m not mentioning the name of the mechanism in the command line, its
> giving error - gss_inquire _credentials
>
> My doubt is - that when i read the  file mec.conf ,the mechanism specified
> is Kerberos
>
> Then why it is not taking it automatically.??
>
>
> On 6/19/08, kul gupta <kulg123 at gmail.com> wrote:
>>
>> Hello
>> Thanks a  lot for ur valuable time and guidance
>>
>> It helped me
>> The example code there  for both client and server is build succesfully
>> now
>>
>> There are some basic doubts.Can u please help me in that.
>>
>> 1) I have a client application ( gss-client code given in SUN example )
>> and Server application code (gss-server code given in SUN example ). Both
>> are build successfully
>>
>> 2)   a) First step should be- that server application should be up to
>> provide the kerborized  service.Am i Right??
>> when i run the server application after taking TGT ,some error regarding
>> gss_acquire _cred is coming.??
>> b) I am not getting what should i provide in the service_name on both
>> client and server side??
>> c)When this much is done then only i should proceed with Client
>> application??
>> (Again i need to do kinit and then run the client application so as to
>> connect with the server application???)
>>
>> Can u please brief me the steps as how to proceed with it.
>> It will really help me in clearing my baisc things on GSSAPI
>>
>> Thanks
>> kul
>>
>>
>>
>> On 6/18/08, Tadoori (EXT), Vilas <vilas.tadoori.ext at siemens.com> wrote:
>>>
>>>  Hello Kul,
>>>
>>> I am not sure about the RHEL V5.0. I have modifed the code so that it
>>> runs on the Solaris version.
>>> u need to find out if the gssapi header files are installed at all on
>>> your machine.
>>>
>>> you may find out using the linux command find /usr -name '*gss*'
>>> you are looking for libraries like
>>>
>>> /usr/lib/gss
>>> /usr/lib/gss/gsscred_clean
>>> /usr/lib/gss/gssd
>>> /usr/lib/libgss.so
>>> /usr/include/gssapi
>>> /usr/include/gssapi/gssapi.h
>>> /usr/include/gssapi/gssapi_ext.h
>>> the header files like gssapi_ext.h would be missing in linux because
>>> these are sun specific examples which would run only on a sun o/s
>>>
>>>
>>> Also ensure that u are linking your code with the gss libraries at run
>>> time some thing like the below  which is
>>>
>>> if you are using linux(rhel or suse) and c
>>> gcc <filename.c> -o <the output file> -l< the gsslibrary path>
>>>
>>> the syntax for c++ will be diff
>>> g++ <filename.c> -o <the output file> -l< the gsslibrary path>
>>>
>>> In my case in solaris i use the following which is
>>>
>>> cc testc.c -o test -lgss -O
>>>
>>> if you see the libraries is similar to the dir structure  as above "
>>> /usr/lib/gss"
>>>
>>> The final thing is how would you load your libraries in the run time?
>>> you should check the env variable "LD_LIBRARY_PATH"
>>> check the same using echo$LD_LIBRARY_PATH
>>>
>>> If you can see your gssapi libraries set in the path you would not face
>>> any issues compiling the same.
>>>
>>>
>>> I am not sure if I have answered your questions on this.
>>>
>>> Some of the code in the examples have been customised accordingly by
>>> sun...so there is a great possibility that the code might break on other O/s
>>> please read the rfc for gssapi v2  to ensure that you are using only those
>>> functions , structures that are defined there... the rfc is 2744.
>>>
>>>
>>> thanks
>>> v.
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>  ------------------------------
>>> *From:* kul gupta [mailto:kulg123 at gmail.com]
>>> *Sent:* Tuesday, June 17, 2008 9:50 AM
>>> *To:* Tadoori (EXT), Vilas
>>> *Subject:* Re: Kerberos Digest, Vol 66, Issue 13
>>>
>>>
>>>  Hello Vilas
>>>
>>> Thanks a lot for ur valuable guidance and time.
>>>
>>> I am using-RedHatEnterprise Linux 5.0 and using Netbeans IDE to build the
>>> code and compiler is gcc ( for the code given in the SUN example)
>>>
>>> 1)There is AS server which is kerborized.I did the settings for the
>>> kerborized client also.
>>>
>>> 2)After obtaining the TGT (using kinit command from the client side),how
>>> should i proceed using the example given in SUN
>>>
>>> 3)I think mechanism used in GSSAPI by default is kerberos V5. So i need
>>> not specify it explicitly.??
>>> Am i right.
>>>
>>> Can u please help me out in brief the steps i need to do for the same..
>>> Please let me know to proceed.
>>>
>>> On 6/16/08, Tadoori (EXT), Vilas <vilas.tadoori.ext at siemens.com> wrote:
>>>>
>>>> Hello kul,
>>>>
>>>> You do not need an cyrus SASL and SASL is a diff framework altogether.
>>>> All you need is a keberos server for the same.
>>>> It would be really wonderful if you can give some information more about
>>>> your architecture.
>>>> Also it would be helpful if you can tell on which platform are you
>>>> comipiling the Sun examples.
>>>> There are lot many things that we need to find out first before
>>>> answering the question.
>>>>
>>>>
>>>> Regards
>>>> V.
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: kerberos-bounces at mit.edu [mailto:kerberos-bounces at mit.edu] On
>>>> Behalf Of kerberos-request at mit.edu
>>>> Sent: Sunday, June 15, 2008 9:41 PM
>>>> To: kerberos at mit.edu
>>>> Subject: Kerberos Digest, Vol 66, Issue 13
>>>>
>>>> Send Kerberos mailing list submissions to
>>>>        kerberos at mit.edu
>>>>
>>>> To subscribe or unsubscribe via the World Wide Web, visit
>>>>        https://mailman.mit.edu/mailman/listinfo/kerberos
>>>> or, via email, send a message with subject or body 'help' to
>>>>        kerberos-request at mit.edu
>>>>
>>>> You can reach the person managing the list at
>>>>        kerberos-owner at mit.edu
>>>>
>>>> When replying, please edit your Subject line so it is more specific than
>>>> "Re: Contents of Kerberos digest..."
>>>>
>>>>
>>>> Today's Topics:
>>>>
>>>>   1. help (kul gupta)
>>>>
>>>>
>>>> ----------------------------------------------------------------------
>>>>
>>>> Message: 1
>>>> Date: Sun, 15 Jun 2008 21:18:41 +0530
>>>> From: "kul gupta" <kulg123 at gmail.com>
>>>> Subject: help
>>>> To: kerberos at mit.edu, krbdev at mit.edu
>>>> Message-ID:
>>>>        <2203f95e0806150848k10973896ie082f11431849df0 at mail.gmail.com>
>>>> Content-Type: text/plain; charset=ISO-8859-1
>>>>
>>>> I am very new to kerborose and GSSAPI
>>>> I will highly appreciate for the guidance for the issues below- I am bit
>>>> confused about cyrus SASL and GSSAPI
>>>>
>>>> I have an authentication server (AS) which is kerborised Client gets the
>>>> TGT using -kinit Now i need to use GSSAPI for authentication using
>>>> GSSAPI
>>>>
>>>> 1) DO i need to have cyrus SASL also ?? or only kerborose will do??
>>>>
>>>> 2) When i tried to run the example provided by SUN , i am getting
>>>> following
>>>> errors-
>>>> gssapi_ext.h- No such file directory
>>>> gssapi-misc.h-No such file directory
>>>>
>>>> I also tried to search these files in my system(Red hat enterprise linux
>>>> 5.0),but these files are not present.
>>>>
>>>> I will be highly thankful if u can help me out for the same .
>>>>
>>>> Regards
>>>> Ruchita
>>>>
>>>>
>>>> ------------------------------
>>>>
>>>> _______________________________________________
>>>> Kerberos mailing list
>>>> Kerberos at mit.edu
>>>> https://mailman.mit.edu/mailman/listinfo/kerberos
>>>>
>>>>
>>>> End of Kerberos Digest, Vol 66, Issue 13
>>>> ****************************************
>>>>
>>>> ________________________________________________
>>>> Kerberos mailing list           Kerberos at mit.edu
>>>> https://mailman.mit.edu/mailman/listinfo/kerberos
>>>>
>>>
>>>
>>
>

More information about the krbdev mailing list