[20216] in Kerberos_V5_Development


Getting ticket from the KDC in C

daemon@ATHENA.MIT.EDU (Dean Dln)
Wed Jan 6 09:34:11 2021

From: Dean Dln <constantinedalianis@gmail.com>
Date: Wed, 6 Jan 2021 10:06:41 +0200
Message-ID: <CAECsUzZiRDLanqCf-Biqwfa5qu-_AYrh=vW3u8sjwfZ9jeSPsw@mail.gmail.com>
To: krbdev@mit.edu

Dear all,

I would like to ask for some tips on how to get a ticket from the Key
Distribution Center (KDC) using the MIT krb5 API in C/C++?

I already have a working Java Client which uses GSS-API to obtain a ticket
from the KDC (using a local TGT) and forwards it to a Java Server.

The server accepts the security context using the following logic:

private GSSContext acceptSecurityContext(Subject serverSubject, final byte[] kerberosServiceTicket) {
    return Subject.doAs(serverSubject, (PrivilegedAction<GSSContext>) () -> {
        GSSContext gssContext;
        try {
            gssContext = manager.createContext((GSSCredential) null);
        } catch (GSSException ex) {
            LOGGER.warn("Could not create Kerberos gssContext: " + ex.getMessage(), ex);
            return null;
        }
        try {
            gssContext.acceptSecContext(kerberosServiceTicket, 0, kerberosServiceTicket.length);
        } catch (GSSException ex) {
            LOGGER.warn("Could not accept security context: " + ex.getMessage(), ex);
            return null;
        }
        return gssContext;
    });
}

I am trying to implement a C client - similar to the Java one - using MIT
krb5 API and I can't seem to make it work. So far this is my C client code:

    krb5_context context;
    krb5_ccache ccache;
    krb5_creds *outCreds = NULL;
    krb5_creds inCreds;
    int retval;
    char *principal = "...";

    retval = krb5_init_secure_context(&context);
    ...

    retval = krb5_cc_default(context, &ccache);
    ...

    memset(&inCreds, 0, sizeof(inCreds));
    retval = krb5_parse_name(context, principal, &inCreds.server);
    ...

    retval = krb5_cc_get_principal(context, ccache, &inCreds.client);
    ...

    retval = krb5_get_credentials(context, 0, ccache, &inCreds, &outCreds);
    ...

    // also tried using the following: krb5Ticket->enc_part.ciphertext.data
    // (maybe this is the correct way, but I should somehow decrypt it and
    // use krb5Ticket->enc_part2 ?)
    // retval = krb5_decode_ticket(&outCreds->ticket, &krb5Ticket);
    // ...

    // ticket is a krb5_data (binary, not NUL-terminated): pass its length field
    char *base64KerberosTicket = base64_encode(outCreds->ticket.data,
                                               outCreds->ticket.length);

    char *response = loginKerberos(base64KerberosTicket);
    ...

Thank you in advance.

Best regards,
Dean
_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
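
An added example, not part of the original message or of MIT krb5: Java's GSSContext.acceptSecContext consumes a GSS-API initial context token, while outCreds->ticket is a raw DER-encoded Ticket held in a length-counted krb5_data. The code below classifies a blob by its outer framing using an explicit length; classify_blob, the enum and the sample bytes are hypothetical names and constructed data.

```c
#include <stdio.h>
#include <string.h>

enum blob_kind { BLOB_UNKNOWN, BLOB_RAW_TICKET, BLOB_AP_REQ, BLOB_GSS_KRB5, BLOB_GSS_OTHER };

/* DER encoding of the Kerberos 5 GSS-API mechanism OID 1.2.840.113554.1.2.2 */
static const unsigned char KRB5_MECH[] = {0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x01, 0x02, 0x02};

/* Constructed samples (truncated headers only, not real tickets). */
static const unsigned char SAMPLE_TICKET[] = {0x61, 0x82, 0x01, 0x00, 0x30, 0x81, 0xfd, 0xa0};
static const unsigned char SAMPLE_GSS[] = {0x60, 0x10, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
                                           0x12, 0x01, 0x02, 0x02, 0x01, 0x00, 0x6e, 0x01, 0x00};

/* Step over one DER length field; returns 0 on success, -1 if truncated or oversized. */
static int skip_der_length(const unsigned char *buf, size_t len, size_t *pos)
{
    if (*pos >= len) return -1;
    unsigned char first = buf[(*pos)++];
    if (first & 0x80) {                 /* long form: low 7 bits count the length octets */
        size_t n = first & 0x7f;
        if (n == 0 || n > 4 || len - *pos < n) return -1;
        *pos += n;
    }
    return 0;
}

/* Classify a blob by its outer framing, using the explicit length (never strlen). */
enum blob_kind classify_blob(const unsigned char *buf, size_t len)
{
    size_t pos = 1;
    if (len < 2) return BLOB_UNKNOWN;
    if (buf[0] == 0x61) return BLOB_RAW_TICKET;  /* [APPLICATION 1]  Ticket */
    if (buf[0] == 0x6e) return BLOB_AP_REQ;      /* [APPLICATION 14] AP-REQ */
    if (buf[0] != 0x60) return BLOB_UNKNOWN;     /* [APPLICATION 0]  GSS-API initial token */
    if (skip_der_length(buf, len, &pos) != 0) return BLOB_UNKNOWN;
    if (len - pos < sizeof KRB5_MECH + 2 || memcmp(buf + pos, KRB5_MECH, sizeof KRB5_MECH) != 0)
        return BLOB_GSS_OTHER;                   /* e.g. SPNEGO or another mechanism */
    pos += sizeof KRB5_MECH;                     /* next two octets: TOK_ID 01 00 (AP-REQ) */
    return (buf[pos] == 0x01 && buf[pos + 1] == 0x00) ? BLOB_GSS_KRB5 : BLOB_GSS_OTHER;
}

int main(void)
{
    printf("raw ticket: kind=%d, real length=%zu, strlen=%zu\n",
           (int)classify_blob(SAMPLE_TICKET, sizeof SAMPLE_TICKET), sizeof SAMPLE_TICKET,
           strlen((const char *)SAMPLE_TICKET));
    printf("gss token:  kind=%d\n", (int)classify_blob(SAMPLE_GSS, sizeof SAMPLE_GSS));
    return 0;
}
```

A C client obtains the 0x60-framed token from gss_init_sec_context in the GSS-API, not from krb5_get_credentials, which returns only the ticket and session key.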
