Validating Kerberos tickets

Santiago Rivas sanribu at gmail.com
Thu Aug 27 13:14:14 EDT 2009


I must apologize, Douglas

I didn't take the time to explore the MIT website and download the Kerberos
release(s). That's exactly what I was talking about when I asked for the
"framework" (all the library files packed in the krb5/kwf tar and zip
files).

Now that I have got them, there is a lot of "hands on" left for me.

Thanks again! (and sorry if I drove you a little crazy)

Regards,
Santiago

2009/8/25 Douglas E. Engert <deengert at anl.gov>

>
>
> Santiago Rivas wrote:
>
>> Well, both the KDC and the client-side of the application are
>> running on different Debian GNU/Linux machines. But the client could also
>> be executed on a Windows machine, since it is written in Java.
>>
>> You are right, Douglas, the server-side of my application is currently
>> running on a Windows machine, but I'm planning the development of the
>> same functionality for a Linux machine. So the challenge is to write it in
>> C, but I don't know where to download C GSSAPI libraries from... Are there
>> any free C GSSAPI frameworks available on the web to download?
>>
>
> The MIT Kerberos comes with the GSSAPI library and headers, so I am not
> sure what you are missing. When you say framework, are you looking for
> examples, or how to avoid having to make the GSSAPI calls yourself? There
> are lots of gssapi examples available, including the ones in the Kerberos
> distribution, in the appl/gss-sample directory.
>
> One example of this is the Globus GSSAPI assist libraries, that do some of
> the GSSAPI calls for you. It was originally designed to work with the
> Globus gsi mechanism but should work as well with the Kerberos mechanism.
>
>
>
>> Thanks again for your help!
>>
>> Regards,
>> Santiago
>>
>> 2009/8/24 Douglas E. Engert <deengert at anl.gov>
>>
>>
>>>
>>> Santiago Rivas wrote:
>>>
>>>> Hi, Douglas
>>>> I had already read that document (in my opinion, a very good one!). But
>>>> it does not contain enough information for my purpose: the client-side
>>>> of the application is running through a web browser and it is written
>>>> in Java. I'm using GSS-API with JAAS, which I agree that makes things a
>>>> lot easier. But the point is that server-side must be written in C, in
>>>> order to compile it into a DLL. I have searched for a C-GSSAPI
>>>> framework... with poor results.
>>>>
>>> So the server is on Windows. Then you might be able to use the Microsoft
>>> SSPI on the server, as SSPI uses the same protocol as GSSAPI. I have done
>>> SSPI clients to GSS-API servers on Unix, but not the other way.
>>>
>>>> I have downloaded several archives from:
>>>>
>>>> http://cvs.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/uts/common/gssapi/
>>>> But I'm not able to get it working for Visual Studio. Is there any
>>>> website where I can download an open source C GSSAPI framework?
>>>> Thanks a lot!
>>>> Regards,
>>>> Santiago
>>>>
>>>>
>>>> 2009/8/21 Douglas E. Engert <deengert at anl.gov>
>>>>
>>>>
>>>>
>>>>   Santiago Rivas wrote:
>>>>
>>>>       Hi everyone,
>>>>
>>>>       I have recently started working with Kerberos v5 and I have read
>>>>       many manuals and documents explaining the protocol and showing some
>>>>       short sample code. I'm writing a custom C / Java application and I
>>>>       want to "kerberize" it in order to achieve Single Sign-On. Up to
>>>>       now, I'm able to generate both tgt and tgs tickets on the client,
>>>>       but the main challenge I find is how to validate the tgs ticket
>>>>       once it's received by the server side of the application... Any
>>>>       help? Thanks in advance!
>>>>
>>>>
>>>>   You say it is C / Java. If you are calling Kerberos from Java, have
>>>>   you looked at:
>>>>
>>>>
>>>>
>>>> http://java.sun.com/j2se/1.4.2/docs/guide/security/jgss/single-signon.html
>>>>
>>>>   You might be better off using the GSS-API rather than Kerberos directly.
>>>>   The above URL has an example for that too.
>>>>
>>>>   Google for java kerberos to find other references.
>>>>
>>>>
>>>>
>>>>       PD: I would appreciate to see some source code or read specific
>>>>       documentation on this task.
>>>>       _______________________________________________
>>>>       krbdev mailing list             krbdev at mit.edu
>>>>       https://mailman.mit.edu/mailman/listinfo/krbdev
>>>>
>>>>
>>>>
>>>>   --
>>>>    Douglas E. Engert  <DEEngert at anl.gov>
>>>>    Argonne National Laboratory
>>>>    9700 South Cass Avenue
>>>>    Argonne, Illinois  60439
>>>>    (630) 252-5444
>>>>
>>>>
>>>>
>>>> --
>>>
>>>  Douglas E. Engert  <DEEngert at anl.gov>
>>>  Argonne National Laboratory
>>>  9700 South Cass Avenue
>>>  Argonne, Illinois  60439
>>>  (630) 252-5444
>>>
>>> _______________________________________________
>> krbdev mailing list             krbdev at mit.edu
>> https://mailman.mit.edu/mailman/listinfo/krbdev
>>
>>
>>
> --
>
>  Douglas E. Engert  <DEEngert at anl.gov>
>   Argonne National Laboratory
>  9700 South Cass Avenue
>  Argonne, Illinois  60439
>  (630) 252-5444
>


