1

My network has a kerberos server for username/password authentication. Machines that run my application have functioning kerberos clients, so users can use kinit, etc.

How do I interact with the server programatically, from my own custom applications? The preferred language for an example is C.

I want users of my application to authenticate against a kerberos server before access to certain functions. I anticipate having to ask them for their username and password - kinit may not have been called.

The machines hosting the applications run OS X and Debian/Linux.

I believe the answer might well involve GSSAPI. If so, are there good tutorials for this?

4

3 回答 3

3

Sun 在他们的《Solaris Security for Developers Guide》一书中对此进行了介绍。对您特别有帮助的可能是附录 A - 基于 C 的 GSSAPI 程序示例第 5 章 - GSS-API 客户端示例

于 2009-01-05T03:03:13.050 回答
1

看看 Heimdal,他们有一个广泛的 kerberos API,下面的站点有一个很好的 doxygen 安装,描述了 API。

http://www.h5l.org

于 2009-12-04T03:56:35.810 回答
0

GSSAPI is indeed the recommended approach, but the precise details will depend on your language environment and whether you need interop with Windows. Is your kerberos provider Windows or something else?

On Windows, Kerberos is a native protocol supported by the OS, and many high level Win32 APIs will effectively give you it for free. Making it interop with a non Windows kerberos server is possible but not trivial.

On UNIX, you may first need to install kerberos client support and get that working - but if your network already has a kerberos server, this may have been done for you already.

Windows includes an implementation of GSSAPI as does Java, and most UNIX flavors have an implementation. I believe GSSAPI addons are available for PHP also.

If you can add more specifics on your requirements I can firm this answer up a bit.

于 2009-01-04T18:04:25.743 回答