Thank you Simo. Can you please tell me how to check if my environment is Kerberos compliant ?
I'm working on Sun Solaris 10 and I can do kinit, klist, kdestroy, there is a /etc/krb5/krb5.conf Does this tell me if the environment has been Kerborized ? Thank you Imanuel. -----Original Message----- From: Simo Sorce [mailto:s...@redhat.com] Sent: 16 January 2018 21:08 To: Imanuel Greenfeld <imanuel.greenfe...@ntlworld.com>; 'Benjamin Kaduk' <ka...@mit.edu> Cc: kerberos@mit.edu Subject: Re: krb5_verify_user If you need to use kerberos over HTTP you should probably use at existing projects and reuse those, look for mod_auth_gssapi (C module for Apache) or request-gssapi (python module that uses python-gssapi for python-requests) and other similar efforts. They all implement the SPNEGO RFCs: 4178, 4559 for example. HTH, Simo. On Tue, 2018-01-16 at 19:06 +0000, Imanuel Greenfeld wrote: > Hello Ben, > > Thanks for your advice. > > I understand it much better now. > > I'm getting a token back from the KDC - it's huge encrypted string. > > I need to incorporate that into my HTTP request. I'm thinking whether > it I'll get through the authentication by adding this to HTTP header. > > The HTTP headers I looked at had :- Authorization: Basic <token> > > For example : Authorization: Basic YWxhZGRpbjpvcGVuc2VzYW1 > > Any ideas how I can do that ? Should I treat is as a string ? > > Thanks > > Imanuel. > > > > > -----Original Message----- > From: Benjamin Kaduk [mailto:ka...@mit.edu] > Sent: 09 January 2018 00:15 > To: Imanuel Greenfeld <imanuel.greenfe...@ntlworld.com> > Cc: kerberos@mit.edu > Subject: Re: krb5_verify_user > > On Mon, Jan 08, 2018 at 09:49:06PM +0000, Imanuel Greenfeld wrote: > > Hello, > > > > > > > > Hope you're well. > > > > > > > > Happy new year. > > > > > > > > I am looking for krb5_verify_user function under krb5/krb5.h and in > > fact anywhere but cannot find it. > > > > > > > > I know it's not recommended to use it with the password, but I want > > to see if I can prove the point. > > > > > > > > I am therefore getting compilation error for the function needing a > > prototype. > > > > > > > > I'm using 1.16 and also tried on 1.15.2 > > > > > > > > Any ideas please ? > > krb5_verify_user() is a function in the Heimdal implementation of > Kerberos, but is not present in MIT krb5. > > Upon cursory examination, it seems that > krb5_get_init_creds_password() and krb5_verify_init_creds() together > might be a suitable replacement. Note that it requires the caller to > have access to a service keytab (and the principal name must be > specified if it is not host/<localhost>). > > -Ben > > ________________________________________________ > Kerberos mailing list Kerberos@mit.edu > https://mailman.mit.edu/mailman/listinfo/kerberos -- Simo Sorce Sr. Principal Software Engineer Red Hat, Inc ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
