Getting ticket from the KDC in C
Chris Hecker
checker at d6.com
Wed Jan 6 14:48:17 EST 2021
Have you compiled and run the samples in the source distribution (in
src/appl in my version)? There are two different client/server samples
and a user to user sample. Those should at least get you started
(they're how I got started with the krb5 C API). Also, the klist and
kvno sources show how to decode tickets and whatnot, if you need to do
that.
Chris
------ Original Message ------
From: "Dean Dln" <constantinedalianis at gmail.com>
To: krbdev at mit.edu
Sent: 2021-01-06 00:06:41
Subject: Getting ticket from the KDC in C
>Dear all,
>
>I would like to ask for some tips on how to get a ticket from the Key
>Distribution Center (KDC) using the MIT krb5 API in C/C++?
>
>I already have a working Java Client which uses GSS-API to obtain a ticket
>from the KDC (using a local TGT) and forwards it to a Java Server.
>
>The server accepts the security context using the following logic:
>
>private GSSContext acceptSecurityContext(Subject serverSubject, final byte[] kerberosServiceTicket) {
>    return Subject.doAs(serverSubject, (PrivilegedAction<GSSContext>) () -> {
>        GSSContext gssContext;
>        try {
>            gssContext = manager.createContext((GSSCredential) null);
>        } catch (GSSException ex) {
>            LOGGER.warn("Could not create Kerberos gssContext: " + ex.getMessage(), ex);
>            return null;
>        }
>        try {
>            gssContext.acceptSecContext(kerberosServiceTicket, 0, kerberosServiceTicket.length);
>        } catch (GSSException ex) {
>            LOGGER.warn("Could not accept security context: " + ex.getMessage(), ex);
>            return null;
>        }
>        return gssContext;
>    });
>}
>
>I am trying to implement a C client - similar to the Java one - using MIT
>krb5 API and I can't seem to make it work. So far this is my C client code:
>
> krb5_context context;
> krb5_ccache ccache;
> krb5_creds *outCreds = NULL;
> krb5_creds inCreds;
> int retval;
> char *principal = "...";
>
> retval = krb5_init_secure_context(&context);
> ...
>
> retval = krb5_cc_default(context, &ccache);
> ...
>
> memset(&inCreds, 0, sizeof(inCreds));
> retval = krb5_parse_name(context, principal, &inCreds.server);
> ...
>
> retval = krb5_cc_get_principal(context, ccache, &inCreds.client);
> ...
>
> retval = krb5_get_credentials(context, 0, ccache, &inCreds, &outCreds);
> ...
>
> // also tried using the following: krb5Ticket->enc_part.ciphertext.data
> // (maybe this is the correct way, but I should somehow decrypt it and use krb5Ticket->enc_part2 ?)
> // retval = krb5_decode_ticket(&outCreds->ticket, &krb5Ticket);
> // ...
>
> char *base64KerberosTicket = base64_encode(outCreds->ticket.data, strlen(outCreds->ticket.data));
>
> char *response = loginKerberos(base64KerberosTicket);
> ...
>
>Thank you in advance.
>
>Best regards,
>Dean
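The quoted client code passes `strlen(outCreds->ticket.data)` as the length of a binary DER buffer. This added example (not from the thread or the krb5 sources) encodes by the stored length and checks the outer DER framing first, using constructed bytes. `struct bin_data` is a local stand-in for `krb5_data`, and `strlen_view`, `der_total_len`, `b64_encode` and `encode_ticket` are hypothetical helper names.

```c
#include <stdlib.h>
#include <string.h>

/* Local stand-in for krb5_data (length + data) so this builds without krb5.h. */
struct bin_data { unsigned int length; char *data; };

/* Constructed bytes, not a real ticket: tag 0x61, length 0x0a, embedded NULs. */
static char sample_bytes[] = { 0x61, 0x0a, 0x30, 0x08, (char)0xa0, 0x03,
                               0x02, 0x01, 0x05, 0x00, 0x00, 0x01 };
static struct bin_data sample = { sizeof(sample_bytes), sample_bytes };
/* What strlen() reports for binary data: only the bytes before the first NUL. */
size_t strlen_view(const struct bin_data *d) { return strlen(d->data); }

/* Size of the outer DER TLV (header + content), or 0 if malformed. */
size_t der_total_len(const struct bin_data *d) {
    const unsigned char *p = (const unsigned char *)d->data;
    size_t n, len = 0;
    if (d->length < 2) return 0;
    if (p[1] < 0x80) return 2 + (size_t)p[1];        /* short form */
    n = p[1] & 0x7f;                                  /* long form */
    if (n == 0 || n > 3 || d->length < 2 + n) return 0;
    for (size_t i = 0; i < n; i++) len = (len << 8) | p[2 + i];
    return 2 + n + len;
}

/* Base64-encode exactly len bytes; caller frees the result. */
char *b64_encode(const char *data, size_t len) {
    static const char t[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    const unsigned char *in = (const unsigned char *)data;
    char *out = malloc(4 * ((len + 2) / 3) + 1), *o = out;
    for (size_t i = 0; out != NULL && i < len; i += 3) {
        unsigned long v = (unsigned long)in[i] << 16;
        if (i + 1 < len) v |= (unsigned long)in[i + 1] << 8;
        if (i + 2 < len) v |= in[i + 2];
        *o++ = t[(v >> 18) & 63];
        *o++ = t[(v >> 12) & 63];
        *o++ = (i + 1 < len) ? t[(v >> 6) & 63] : '=';
        *o++ = (i + 2 < len) ? t[v & 63] : '=';
    }
    if (out != NULL) *o = '\0';
    return out;
}

/* Encode only a buffer that is exactly one complete [APPLICATION 1] TLV. */
char *encode_ticket(const struct bin_data *d) {
    if (d->length < 2 || (unsigned char)d->data[0] != 0x61) return NULL;
    return der_total_len(d) == d->length ? b64_encode(d->data, d->length) : NULL;
}
```

Java's `acceptSecContext` consumes a GSS-API context token produced by the peer's `initSecContext` (`gss_init_sec_context` in C), so a correctly encoded bare ticket is still not the input that call parses.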