Validating Kerberos tickets

Douglas E. Engert deengert at anl.gov
Mon Aug 24 10:13:32 EDT 2009 



Santiago Rivas wrote:
> Hi, Douglas
>  
> I had already read that document (in my opinion, a very good one!). But 
> it does not contain enough information for my purpose: the client-side 
> of the application is running through a web browser and it is written in 
> Java. I'm using GSS-API with JAAS, which I agree that makes things a lot 
> easier. But the point is that server-side must be written in C, in order 
> to compile it into a DLL. I have searched for a C-GSSAPI framework... 
> with poor results.

So the server is on Windows. Then you might be able to use the Microsoft SSPI
on the server, as SSPI uses the same protocol as GSSAPI. I have done SSPI
clients to GSS-API servers on Unix, but not the other way.

> I have downloaded several archives from:
>  
> http://cvs.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/uts/common/gssapi/
>  
> But I'm not able to get it working for Visual Studio. Is there any 
> website where I can download an open source C GSSAPI framework?
>  
> Thanks a lot!
>  
> Regards,
> Santiago
> 
> 
> 2009/8/21 Douglas E. Engert <deengert at anl.gov <mailto:deengert at anl.gov>>
> 
> 
> 
>     Santiago Rivas wrote:
> 
>         Hi everyone,
> 
>         I have recently started working with Kerberos v5 and I have read
>         many
>         manuals and documents explaining the protocol and showing some
>         short sample
>         code. I'm writing a custom C / Java application and I want to
>         "kerberize" it
>         in order to achieve Single Sign-On. Up to now, I'm able to
>         generate both tgt
>         and tgs tickets on the client, but the main challenge I find is
>         how to
>         validate the tgs ticket once it's recieved by the server side of the
>         application... Any help? Thanks in advance!
> 
> 
>     You say it is C / Java, If you are calling Kerberos from Java, have
>     you looked at:
> 
>     http://java.sun.com/j2se/1.4.2/docs/guide/security/jgss/single-signon.html
> 
>     You might be better off use the GSS-API rather then Kerberos directly.
>     The above URL has an example for that too.
> 
>     Goolge for java kerberos  to find other references.
> 
> 
> 
>         PD: I would appreciate to see some source code or read specific
>         documentation on this task.
>         _______________________________________________
>         krbdev mailing list             krbdev at mit.edu
>         <mailto:krbdev at mit.edu>
>         https://mailman.mit.edu/mailman/listinfo/krbdev
> 
> 
> 
>     -- 
> 
>      Douglas E. Engert  <DEEngert at anl.gov <mailto:DEEngert at anl.gov>>
>      Argonne National Laboratory
>      9700 South Cass Avenue
>      Argonne, Illinois  60439
>      (630) 252-5444
> 
> 

-- 

  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

More information about the krbdev mailing list