[30246] in Kerberos


Using GSSAPI to Authenticate to AD

daemon@ATHENA.MIT.EDU (neelsmail@rediffmail.com)
Wed Aug 27 10:23:11 2008

From: neelsmail@rediffmail.com
Date: Wed, 27 Aug 2008 01:53:46 -0700 (PDT)
Message-ID: <24ceb2f4-891a-45f0-9f4b-27f338938512@1g2000pre.googlegroups.com>
To: kerberos@mit.edu

Hi,

I want to authenticate an Active Directory User using GSSAPI. The code
would be in C++. To be specific here is the scenario:

1] End user adopts/creates one or more Active Directory users using
any of the AD integration packages on Linux.
2] In my executable, which would always be running as root, I find out
that I need to use an AD user and authenticate using GSSAPI.
3] I cannot impersonate the user because that would change the user
context of the whole process.
4] Therefore, I need to somehow find out whether there is already a
ticket for that user available (Win32 SDK: AcquireCredentialsHandle,
GSSAPI: GSSAPI::Name->import?)
5] If not, the process would obtain one.
6] Get the ticket and initialize the security context (Win32 SDK:
InitializeSecurityContext, GSSAPI: GSSAPI::Context::init?)
7] Get the token and send it for authentication.

If the process is running in the user context which needs to be
authenticated, it's easier and I have a Perl implementation of it. But in
this case, since the process will always be running as root, I don't know
if there is a way I can know/get the ticket for authentication.

Is there a sample/example that can, at least in parts if not
completely, illustrate how this can be done using C/C++ somewhere?

I found one link on MSDN but don't know whether that's the entire flow/
applicable: http://msdn.microsoft.com/en-us/library/ms995352.aspx

Any comments would be welcome.

Thanks in advance,
-Neel.
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
