[39394] in Kerberos
Re: How to get Kerberos token for proxy authentication
daemon@ATHENA.MIT.EDU (m_a_n_j_u_s_k--- via Kerberos)
Tue Mar 19 08:28:54 2024
Date: Tue, 19 Mar 2024 12:28:21 +0000 (UTC)
To: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Message-ID: <1971540388.4984456.1710851301228@mail.yahoo.com>
In-Reply-To: <202403180011.42I0Bfq8004419@hedwig.cmf.nrl.navy.mil>
MIME-Version: 1.0
From: m_a_n_j_u_s_k--- via Kerberos <kerberos@mit.edu>
Reply-To: "m_a_n_j_u_s_k@yahoo.com" <m_a_n_j_u_s_k@yahoo.com>
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
Thanks Ken,I understand I need to use GSSAPI for Linux/MacOS platforms. I was wondering if I can use MIT Kerberos GSSAPI for the same. Does libcurl use MIT Kerberos gssapi ?
Yes my proxy header would look exactly like you mentioned.
Thank-you.
Yahoo Mail: Search, organise, conquer
On Mon, 18 Mar 2024 at 12:11 am, Ken Hornstein<kenh@cmf.nrl.navy.mil> wrote: >Hi, I have a requirement to authenticate my application
>(Golang) against a proxy server which requires Kerberos
>authentication. I have achieved this on Windows using
>github/alexbrainman/sspi Golang package.From that package I
>basically call negotiate.AcquireCurrentUserCredentials() and
>negotiate.NewClientContext() to get the client token which gets passed
>to the proxy server in Proxy-Authorization header. I want to achieve
>the same on macOS and looking for suitable libraries. Can I use MIT
>Kerberos library for this purpose ?what are the APIs equivalent to get
>client token without prompting the user for password ? The user would
>have acquired Kerberos ticket on sign-in as a domain user.
I believe you would want to use the GSSAPI for this. If your header
looks like:
Proxy-Authorization: Negotiate <base64 encoded data>
Then definitely you want to use that. You could use libcurl as example
code if you wanted to see what this would look like.
--Ken
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos