[38192] in Kerberos
RE: Different realms
daemon@ATHENA.MIT.EDU (Imanuel Greenfeld)
Sun Jan 28 13:21:40 2018
From: "Imanuel Greenfeld" <imanuel.greenfeld1@ntlworld.com>
To: "'Robbie Harwood'" <rharwood@redhat.com>, <kerberos@mit.edu>
In-Reply-To: <jlgvafmma01.fsf@redhat.com>
Date: Sun, 28 Jan 2018 15:49:04 -0000
Message-ID: <001e01d3984f$8681acc0$93850640$@ntlworld.com>
MIME-Version: 1.0
Content-Language: en-gb
Cc: "'Simo Sorce'" <simo@redhat.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Thank you Robbie.
You are right using a script calling curl I managed to send the request and
all ok, but it's horrible idea to call curl from C++ and how will I do it ?
system call ?
So, I did this instead so far :-
struct SOAP_ENV__Header
{
struct ns3__Header *ns3__MyHeader;
};
struct ns3__Header
{
char *Username;
char *Password;
};
soap * mysoap = soap_new1(SOAP_C_UTFSTRING);
soap_init(&mysoap);
mysoap.header = (SOAP_ENV__Header *)soap_malloc(&mysoap,
sizeof(SOAP_ENV__Header));
mysoap.header->ns3__MyHeader = (ns3__Header*)malloc(sizeof(ns3__Header));
/****** I know that hard coding username and password is contrary to
Kerberos but I'm just trying to see if I can pass the authentication.
******/
mysoap.header->ns3__MyHeader->Username = (char*)malloc(10 * sizeof(char));
strcpy(mysoap.header->ns3__MyHeader-> Username, "<username>");
mysoap.header->ns3__MyHeader-> Password = (char*)malloc(10 * sizeof(char));
strcpy(mysoap.header->ns3__MyHeader-> Password, "<password>");
const char *endpointURL = "http://...";
value request(mysoap), response(mysoap);
... // now populate the request data to send
request[0] = ...;
request[1] = ...;
if (json_call(mysoap, endpointURL, request, response))
{
... // use response value
}
I will change the code to process the keytab and pass Username and Password
credentials as you say, but how does this look ?
Any ideas how this can be improved to get through the authentication ?
Thank you
Imanuel.
-----Original Message-----
From: Robbie Harwood [mailto:rharwood@redhat.com]
Sent: 28 January 2018 12:41
To: Imanuel Greenfeld <imanuel.greenfeld1@ntlworld.com>; kerberos@mit.edu
Cc: 'Simo Sorce' <simo@redhat.com>
Subject: RE: Different realms
"Imanuel Greenfeld" < <mailto:imanuel.greenfeld1@ntlworld.com>
imanuel.greenfeld1@ntlworld.com> writes:
> public void doWithKeytabFile() {
> KerberosRestTemplate restTemplate =
> new KerberosRestTemplate("/tmp/user2.keytab",
> " <mailto:user2@EXAMPLE.ORG> user2@EXAMPLE.ORG");
> restTemplate.getForObject(" <http://neo.example.org:8080/hello>
http://neo.example.org:8080/hello",
> String.class);
> }
>
> As you can see the HTTP request just has one "endpoint" so the keytab
> needs to be part of it.
>
> But in C++ I cannot find a way how to achieve the same - in other
> words, once I have the keytab in the code, and I separately build the
> HTTP request, how do I incorporate that keytab to that HTTP request ?
The keytab isn't part of the request. The *credential*, which is derived
from the keytab, is part of the request.
> I can only change the client code - the server code is not available to
me.
>
> Once again, I'm trying to find C/C++ good example.
You'll most likely need to write it yourself, which is why I linked you the
requests-gssapi version. I'm not sure anyone's done the client side of this
from C, other than curl [1]. I don't find that easier to read than the
python, but I'm of course biased.
Thanks,
--Robbie
1: <https://github.com/curl/curl> https://github.com/curl/curl
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
