Getting ticket from the KDC in C

Dean Dln constantinedalianis at gmail.com
Thu Jan 7 10:18:24 EST 2021


Dear Chris and Ken,

Thank you both for your replies. They helped a lot.
I work for CERN and we are using Kerberos for user authentication purposes.
I managed to get a service ticket using `gss_init_sec_context` from GSSAPI.

Best regards,
Dean

On Wed, 6 Jan 2021 at 21:48, Chris Hecker <checker at d6.com> wrote:

>
> Have you compiled and run the samples in the source distribution (in
> src/appl in my version)?  There are two different client/server samples
> and a user to user sample.  Those should at least get you started
> (they're how I got started with the krb5 c api).  Also, the klist and
> kvno sources show how to decode tickets and whatnot, if you need to do
> that.
>
> Chris
>
>
> ------ Original Message ------
> From: "Dean Dln" <constantinedalianis at gmail.com>
> To: krbdev at mit.edu
> Sent: 2021-01-06 00:06:41
> Subject: Getting ticket from the KDC in C
>
> >Dear all,
> >
> >I would like to ask for some tips on how to get a ticket from the Key
> >Distribution Center (KDC) using the MIT krb5 API in C/C++?
> >
> >I already have a working Java Client which uses GSS-API to obtain a ticket
> >from the KDC (using a local TGT) and forwards it to a Java Server.
> >
> >The server accepts the security context using the following logic:
> >
> >private GSSContext acceptSecurityContext(Subject serverSubject, final byte[] kerberosServiceTicket) {
> >  return Subject.doAs(serverSubject, (PrivilegedAction<GSSContext>) () -> {
> >             GSSContext gssContext;
> >             try {
> >                 gssContext = manager.createContext((GSSCredential) null);
> >             } catch (GSSException ex) {
> >                 LOGGER.warn("Could not create Kerberos gssContext: " + ex.getMessage(), ex);
> >                 return null;
> >             }
> >             try {
> >                 gssContext.acceptSecContext(kerberosServiceTicket, 0, kerberosServiceTicket.length);
> >             } catch (GSSException ex) {
> >                 LOGGER.warn("Could not accept security context: " + ex.getMessage(), ex);
> >                 return null;
> >             }
> >             return gssContext;
> >         });
> >}
> >
> >I am trying to implement a C client - similar to the Java one - using MIT
> >krb5 API and I can't seem to make it work. So far this is my C client code:
> >
> >     krb5_context context;
> >     krb5_ccache ccache;
> >     krb5_creds *outCreds = NULL;
> >     krb5_creds inCreds;
> >     int retval;
> >     char *principal = "...";
> >
> >     retval = krb5_init_secure_context(&context);
> >     ...
> >
> >     retval = krb5_cc_default(context, &ccache);
> >     ...
> >
> >     memset(&inCreds, 0, sizeof(inCreds));
> >     retval = krb5_parse_name(context, principal, &inCreds.server);
> >     ...
> >
> >     retval = krb5_cc_get_principal(context, ccache, &inCreds.client);
> >     ...
> >
> >     retval = krb5_get_credentials(context, 0, ccache, &inCreds, &outCreds);
> >     ...
> >
> >     // also tried using the following: krb5Ticket->enc_part.ciphertext.data
> >     // (maybe this is the correct way, but I should somehow decrypt it and
> >     // use krb5Ticket->enc_part2 ?)
> >     // retval = krb5_decode_ticket(&outCreds->ticket, &krb5Ticket);
> >     // ...
> >
> >     char *base64KerberosTicket = base64_encode(outCreds->ticket.data, strlen(outCreds->ticket.data));
> >
> >     char *response = loginKerberos(base64KerberosTicket);
> >     ...
> >
> >Thank you in advance.
> >
> >Best regards,
> >Dean
>
>
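
Added example, not part of the thread or of the MIT krb5 sources: for the Kerberos mechanism, gss_init_sec_context emits an RFC 2743 initial context token (tag 0x60, mechanism OID, token ID 01 00, then the AP-REQ), while outCreds->ticket holds a bare DER Ticket (tag 0x61), so an acceptor calling acceptSecContext will not take the latter. The checker below tells the two apart from the outer framing and shows why the length must come from the data's length field rather than strlen; the names classify_blob and blob_kind and the sample bytes are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
/* DER encoding of the Kerberos V5 GSS mechanism OID 1.2.840.113554.1.2.2 */
static const unsigned char KRB5_MECH_OID[] =
    { 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x01, 0x02, 0x02 };

enum blob_kind { BLOB_UNKNOWN, BLOB_RAW_TICKET, BLOB_RAW_AP_REQ, BLOB_GSS_KRB5_INIT };
/* Constructed samples (outer framing only, not real tickets). */
static const unsigned char SAMPLE_TICKET[] = { 0x61, 0x03, 0x30, 0x01, 0x00 };
static const unsigned char SAMPLE_GSS[] = { 0x60, 0x0f,
    0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x01, 0x02, 0x02,
    0x01, 0x00, 0x6e, 0x00 };

/* Parse the DER length that follows the tag byte; 0 on success, advances *pos. */
static int der_length(const unsigned char *buf, size_t len, size_t *pos, size_t *out)
{
    size_t n, v = 0;
    if (*pos >= len) return -1;
    n = buf[(*pos)++];
    if (n < 0x80) { *out = n; return 0; }       /* short form */
    n &= 0x7f;                                   /* long form: n length octets */
    if (n == 0 || n > sizeof(size_t) || n > len - *pos) return -1;
    while (n--) v = (v << 8) | buf[(*pos)++];
    *out = v;
    return 0;
}

/* Classify a buffer by its outer framing; len must be the real byte count. */
enum blob_kind classify_blob(const unsigned char *buf, size_t len)
{
    size_t pos = 1, body;
    if (len < 2 || der_length(buf, len, &pos, &body) != 0 || body != len - pos)
        return BLOB_UNKNOWN;                     /* truncated or not DER */
    if (buf[0] == 0x61) return BLOB_RAW_TICKET;  /* [APPLICATION 1] Ticket */
    if (buf[0] == 0x6e) return BLOB_RAW_AP_REQ;  /* [APPLICATION 14] AP-REQ */
    if (buf[0] != 0x60 || body < sizeof(KRB5_MECH_OID) + 2 ||
        memcmp(buf + pos, KRB5_MECH_OID, sizeof(KRB5_MECH_OID)) != 0)
        return BLOB_UNKNOWN;                     /* not a krb5 GSS token */
    pos += sizeof(KRB5_MECH_OID);                /* TOK_ID 01 00 = AP-REQ token */
    return (buf[pos] == 0x01 && buf[pos + 1] == 0x00) ? BLOB_GSS_KRB5_INIT : BLOB_UNKNOWN;
}

int main(void)
{
    /* The third call passes a strlen-derived length, which stops at the first 0x00. */
    printf("ticket=%d gss=%d strlen-truncated=%d\n",
           classify_blob(SAMPLE_TICKET, sizeof SAMPLE_TICKET),
           classify_blob(SAMPLE_GSS, sizeof SAMPLE_GSS),
           classify_blob(SAMPLE_TICKET, strlen((const char *)SAMPLE_TICKET)));
    return 0;
}
```

Running the same check on the decoded bytes just before the call to acceptSecContext shows whether a client sent a GSS token or a bare ticket.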

