Validating Kerberos tickets
Santiago Rivas
sanribu at gmail.com
Tue Aug 25 10:56:41 EDT 2009
Well, both the KDC and the client-side of the application are
running on different Debian GNU/Linux machines. But the client could also be
executed on a Windows machine, since it is written in Java.
You are right, Douglas, the server-side of my application is currently
running on a Windows machine, but I'm planning the development of the
same functionality for a Linux machine. So the challenge is to write it in
C, but I don't know where to download C GSSAPI libraries from... Are there
any free C GSSAPI frameworks availible on the web to download?
Thanks again for your help!
Regards,
Santiago
2009/8/24 Douglas E. Engert <deengert at anl.gov>
>
>
>
> Santiago Rivas wrote:
>
>> Hi, Douglas
>> I had already read that document (in my opinion, a very good one!). But
>> it does not contain enough information for my purpose: the client-side of
>> the application is running through a web browser and it is written in Java.
>> I'm using GSS-API with JAAS, which I agree that makes things a lot easier.
>> But the point is that server-side must be written in C, in order to compile
>> it into a DLL. I have searched for a C-GSSAPI framework... with poor
>> results.
>>
>
> So the server is on Windows. Then you might be able to use the Microsoft
> SSPI
> on the server, as SSPI uses the same protocol as GSSAPI. I have done SSPI
> clients to GSS-API servers on Unix, but not the other way.
>
> I have downloaded several archives from:
>>
>> http://cvs.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/uts/common/gssapi/
>> But I'm not able to get it working for Visual Studio. Is there any
>> website where I can download an open source C GSSAPI framework?
>> Thanks a lot!
>> Regards,
>> Santiago
>>
>>
>> 2009/8/21 Douglas E. Engert <deengert at anl.gov <mailto:deengert at anl.gov>>
>>
>>
>>
>> Santiago Rivas wrote:
>>
>> Hi everyone,
>>
>> I have recently started working with Kerberos v5 and I have read
>> many
>> manuals and documents explaining the protocol and showing some
>> short sample
>> code. I'm writing a custom C / Java application and I want to
>> "kerberize" it
>> in order to achieve Single Sign-On. Up to now, I'm able to
>> generate both tgt
>> and tgs tickets on the client, but the main challenge I find is
>> how to
>> validate the tgs ticket once it's recieved by the server side of
>> the
>> application... Any help? Thanks in advance!
>>
>>
>> You say it is C / Java, If you are calling Kerberos from Java, have
>> you looked at:
>>
>>
>> http://java.sun.com/j2se/1.4.2/docs/guide/security/jgss/single-signon.html
>>
>> You might be better off use the GSS-API rather then Kerberos directly.
>> The above URL has an example for that too.
>>
>> Goolge for java kerberos to find other references.
>>
>>
>>
>> PD: I would appreciate to see some source code or read specific
>> documentation on this task.
>> _______________________________________________
>> krbdev mailing list krbdev at mit.edu
>> <mailto:krbdev at mit.edu>
>> https://mailman.mit.edu/mailman/listinfo/krbdev
>>
>>
>>
>> --
>> Douglas E. Engert <DEEngert at anl.gov <mailto:DEEngert at anl.gov>>
>> Argonne National Laboratory
>> 9700 South Cass Avenue
>> Argonne, Illinois 60439
>> (630) 252-5444
>>
>>
>>
> --
>
> Douglas E. Engert <DEEngert at anl.gov>
> Argonne National Laboratory
> 9700 South Cass Avenue
> Argonne, Illinois 60439
> (630) 252-5444
>
More information about the krbdev
mailing list