[39430] in Kerberos
Re: How to get Kerberos token for proxy authentication
daemon@ATHENA.MIT.EDU (Ken Hornstein via Kerberos)
Tue Jun 4 12:45:30 2024
Message-Id: <202406041643.454Ghvtq030918@hedwig.cmf.nrl.navy.mil>
To: "m_a_n_j_u_s_k@yahoo.com" <m_a_n_j_u_s_k@yahoo.com>
cc: <kerberos@mit.edu>
In-Reply-To: <1164986234.1357879.1717504286646@mail.yahoo.com>
MIME-Version: 1.0
Date: Tue, 04 Jun 2024 12:43:57 -0400
From: Ken Hornstein via Kerberos <kerberos@mit.edu>
Reply-To: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
> Hi again, I am looking at the implementing this (getting Kerberos
>service token) in C using Heimdal Kerberos library. In Golang using
>this go package https://github.com/alexbrainman/sspi it was simply two
>calls as below:
>
>cred=negotiate.AcquireCurrentCredentials()token =
>negotiate.NewClientContext(cred, spn) However it looks bit complex in C
>using MIT/Heimdal library. I am looking at this example mentioned in the
>RFC herehttps://datatracker.ietf.org/doc/html/rfc7546.html#section-5.1
>Just checking if someone has done a similar thing and I am on the right
>track. Thank you.
I think you're comparing apples and oranges a bit there; those two calls
you mention (which from my look at that Golang library really only end
up as one SSPI call) are only a small part of the overall authentication
flow. The code in that RFC you reference is a mostly-complete GSSAPI
application which includes a full loop and interprocess communication.
I'm going to repeat what I said last time: look at the libcurl source
code which already does this.
--Ken
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
