Kerbrizing a windows process using SPNEGO

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Kerbrizing a windows process using SPNEGO

eitan-3
Hi,

After a tedious trial and error process I was able to create the
following environment:

PC-X: Running windows 2003 (active directory mode) domain name is:
R2D2.myhost.com
PC-Y: Running XP that is a member in the active directory
PC-Z: Not a member in the domain. Running visual studio. (have the MIT
Kerberos API is installed)

Now.
After I got Microsofts open source for SPNEGO parsing,
I've created a simple web server that listens on port 80 when it
receives an HTTP request it parses the header does uudecode for the
Authorization data and passes the binary buffer to the SPNEGO API.

When tested with a browser running on PC-Y it seem to pass an SPNEGO
token (and not NTLM.). The SPNEGO API returned a success.
So I guess so fat so good..

The next steps:
On the active directory I've created a user (kerbuser) for the remote
service and gave it an SPN using those commands
SETSPN -A host/r2d2.myhost.com kerbuser
SETSPN -A HTTP/r2d2.myhost.com kerbuser
the next step was:

ktpass -princ host/[hidden email] -pass XXX -mapuser
r2d2\kerbuser -out host.keytab

ktpass -princ HTTP/[hidden email] -pass XXX
-mapuser r2d2\kerbuser -out HTTP.keytab

Now I had the keytab files, so far things went totally groovy!

This is where the problem starts:
=================================
What's next?
in the SPNEGO source it says .."call gss_accept_sec_context()"
and so I did but all I got was an error from "gss_acquire_cred()"

How can I enable SPNEGO on my mini web server?
Help me please ..

Eitan

________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos