Re: programmatically access to kerberos



On Dec 16, 4:12 am, Deepika <Deep...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Actually while trying to implement Kerberos mechanism.
I am using <Krb5.h>
It is not compiling in C++ compiler in windows.
In the sense when i am trying to declare a struct object given below
krb5_context context;
it is giving error for krb5_context which is declared in krb5.h.
krb5.h is standard file.
Also i have included the header file and library file in the project.
What am i missing?
Any thought?



"Deepika" wrote:
Hi thanks your help
But from where can i get your mailid.

Also I checkd in the readme.txt file along with Klist sample.
I'll just paste the content here.

""This sample demonstrates how to use the the LSA interface to the
Kerberos authentication package on Microsoft Windows 2000 for the
purpose of viewing and deleting the Kerberos tickets granted to the
current logon session.
This sample will only work on Windows 2000. To actually see any tickets,
your Windows 2000 machine must be joined to a Windows 2000 domain.
WARNING: Deleting Kerberos tickets can disable the full functionality of
Windows 2000 for the current logon session.
See the Platform SDK for more information on the Kerberos protocol and
Kerberos tickets.""
See here it is written that This sample will only work on Windows 2000.

"DaveMo" wrote:

On Dec 12, 1:11 am, Deepika <Deep...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Hi
Actually downloaded the Platform SDK and looked into the basic source code.
There it is written that the code will run only Window 2000.
I need this functionality in all version of Windows above 2k.
Will the utility suggested by you work across all the version Windows????

I tried to download the utility but was unable to do so due to blockage in
my office.
I'll try from some where else.

If possible please share the source code so that i can start fo with this..

"Deepika" wrote:
Actually i am trying to use kerberos for the first time.
I have only read this mechanism theoritically and do not know how this
happens in reality.

I started with hit and try approach.
So i'll try to use it and tell you.
Moreover I'll be so grateful if you can send me the code so that i can have
a better understanding of the things how actually it happnes.

"DaveMo" wrote:

On Dec 10, 9:19 pm, Deepika <Deep...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
I want to get the TGT from the kerberos and store it in the credential cache.
Later i want to raise a request for a service ticket to kerberos.
Basically i have to follow the complete kerberos mechanism.
All this i want to do programmatically in VC++.
I found out a function krb5_get_in_tkt_with_skey() to start with.
I am not getting directions to proceed forward.
Can anyone help me on this?

On Windows you'll want to use the Windows APIs to do this kind of
thing. start with the KLIST sample from the Windows Platform SDK. I
have an extended version of KLIST that has this functionality and you
can find the binary here:www.securitay.com/support/freeutils.aspx

Try it out and if it does what you want then let me know and I'll send
you the source code.

HTH,
Dave- Hide quoted text -

- Show quoted text -

Windows samples typically work across all versions of the OS. They
don't break backwards or forwards compat if it can possibly be
avoided.

My version is the same code as the KLIST sample but with a couple of
additional pieces of functionality.

Send me an e-mail offline and I'll mail you the source.

Dave- Hide quoted text -

- Show quoted text -

If you have code that will be running on Windows then you should use
the Windows LSA APIs.

If you can explain more of what you are trying to do I can try to help
a bit with your design. You can get my e-mail from my profile page.

Dave
.



Relevant Pages

  • Re: cross-realm authentication problem
    ... Windows client are in KLIENT.UIB.NO, Windows user accounts are in UIB.NO, Unix/Linux machines and accounts are in UNIX.UIB.NO. ... I have one web server running RHEL4, apache 2.0.52 and Kerberos 1.3.4 as provided by Redhat, self-compiled mod_auth_kerb 5.4, and another running RHEL5, apache 2.2.3 and Kerberos 1.6.1 as provided by Redhat, self-compiled mod_auth_kerb 5.4. ... After authenticating against UIB.NO on a Linux machine (which have UNIX.UIB.NO as primary realm in krb5.conf) cross-realm authentication works fine. ... But using a Windows machine where the user is authenticated in UIB.NO I get cross-realm authentication only to the web server running RHEL4, not the one running RHEL5, I never even get a ticket for UNIX.UIB.NO from AD when trying to access the RHEL5 server web page. ...
    (comp.protocols.kerberos)
  • Re: Authenticating LDAP connection with current windows users credentials?
    ... setup and theory behind an ldap ... The Kerberos only works with ADS right now but that is sufficient for your situation. ... when the user has logged in interactively and therefore has a valid Kerberos ticket cached in Windows logon credential cache. ... CallbackHandler callbackHandler = new KerbCallback; ...
    (comp.lang.java.programmer)
  • Re: UserName and Kerberos tokens at the same time
    ... > What makes me feeling a bit strange is that the WSE 3.0 Kerberos demo also ... Are you logon the computer as a domain user when running the ... I have tried it on a Windows 2003 server as well and there I get the ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • RE: Active Directory Kerberos Server and Windows MIT Tools Client
    ... different URLs (each URL corresponds to an IIS server with Kerberos ... multiple IE windows will be ... Active Directory Kerberos Server and Windows MIT Tools ... when I login with a domain account I get a TGT ...
    (comp.protocols.kerberos)
  • Re: Avoid sending current credentials automatically over the network
    ... Windows has SSP's for Kerberos, NTLM, and Schannel. ... Windows will try to use the "most secure" first, ... Cenzic Hailstorm finds vulnerabilities fast. ...
    (Pen-Test)