After a tedious trial and error process I was able to create the
PC-X: Running windows 2003 (active directory mode) domain name is:
PC-Y: Running XP that is a member in the active directory
PC-Z: Not a member in the domain. Running visual studio. (have the MIT
Kerberos API is installed)
After I got Microsofts open source for SPNEGO parsing,
I've created a simple web server that listens on port 80 when it
receives an HTTP request it parses the header does uudecode for the
Authorization data and passes the binary buffer to the SPNEGO API.
When tested with a browser running on PC-Y it seem to pass an SPNEGO
token (and not NTLM.). The SPNEGO API returned a success.
So I guess so fat so good..
The next steps:
On the active directory I've created a user (kerbuser) for the remote
service and gave it an SPN using those commands
SETSPN -A host/r2d2.myhost.com kerbuser
SETSPN -A HTTP/r2d2.myhost.com kerbuser
the next step was:
Now I had the keytab files, so far things went totally groovy!
This is where the problem starts:
in the SPNEGO source it says .."call gss_accept_sec_context()"
and so I did but all I got was an error from "gss_acquire_cred()"
How can I enable SPNEGO on my mini web server?
Help me please ..