Kerberos authentication using GSSAPI
Simo Sorce
simo at redhat.com
Thu May 23 16:04:08 EDT 2019
Are you able to obtain proper Kerberos credentials outside of SASL?
I would make sure you can manually get that going first.
Simo.
On Thu, 2019-05-23 at 18:47 +0000, Fan, Jan-fon wrote:
> Hi,
> I have been using a Python client script to do the authentication in our Linux environment and it's working properly.
> Now I need to write a C program to do the authentication and I am choosing Cyrus 2.1.27.
> After installation, I ran pluginviewer and it showed:
>
> Installed and properly configured SASL (client side) mechanisms are:
> GS2-IAKERB GS2-KRB5 GSSAPI DIGEST-MD5 EXTERNAL CRAM-MD5 PLAIN ANONYMOUS
> Available SASL (client side) mechanisms matching your criteria are:
> GS2-IAKERB GS2-KRB5 GSSAPI DIGEST-MD5 EXTERNAL CRAM-MD5 PLAIN ANONYMOUS
>
> So I think the installation is OK.
>
> But after more than one week of trying, I am not able to make it work. Currently I got a "generic failure" error message from sasl_client_step.
> I would appreciate it if someone could send me a sample client program using the GSSAPI mechanism.
> Below is my code:
>
> int result;
> const char *data;
> unsigned len;
> const char *sasl_impl, *sasl_ver;
> sasl_interact_t *interactions = NULL;
> sasl_conn_t *conn;
> const char *chosenmech;
> char buf[2048];
>
> sasl_security_properties_t secprops = {56, 256, 2048, SASL_SEC_PASS_CREDENTIALS, NULL, NULL };
>
> sasl_callback_t callbacks[] = {
> { SASL_CB_AUTHNAME, NULL, NULL },
> { SASL_CB_PASS, NULL, NULL },
> { SASL_CB_LIST_END, NULL, NULL }};
>
> result = sasl_client_init(callbacks);
>
> result = sasl_client_new("HTTP", "SCVIMOPXJDAPP01.INTEL.COM", NULL, NULL, NULL, callbacks, SASL_SUCCESS_DATA, &conn);
>
> sasl_setprop(conn, SASL_SEC_PROPS, &secprops);
>
> result=sasl_client_start(conn, "GSSAPI", &interactions, &data, &len, &chosenmech);
>
> result = sasl_client_step(conn, NULL, NULL, NULL, &data, &len);
> while (result == SASL_CONTINUE) {
> strcpy(buf, data);
> data=NULL;
> result = sasl_client_step(conn, buf, len, NULL, &data, &len);
> }
>
> After the while loop, the result is -1 (generic failure).
>
> Thanks,
> Jan
--
Simo Sorce
Sr. Principal Software Engineer
Red Hat, Inc
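
The manual check suggested in the reply, sketched as a shell function. This is an added example, not part of the original thread; the function name `check_krb5`, its return codes and the host `server.example.com` are assumptions, and it relies on the standard `klist` and `kvno` Kerberos client tools.

```shell
#!/bin/sh
# Added example: confirm Kerberos works on its own before debugging SASL.
# Usage: check_krb5 SERVICE HOST     e.g. check_krb5 HTTP server.example.com
# Return codes (chosen for this example, not defined by any tool):
#   0 service ticket obtained   1 bad arguments   2 client tools missing
#   3 no valid TGT in the cache 4 KDC issued no ticket for SERVICE/HOST
check_krb5() {
    ck_service=$1
    ck_host=$2
    if [ -z "$ck_service" ] || [ -z "$ck_host" ]; then
        echo "usage: check_krb5 SERVICE HOST" >&2
        return 1
    fi

    for ck_tool in klist kvno; do
        if ! command -v "$ck_tool" >/dev/null 2>&1; then
            echo "missing Kerberos client tool: $ck_tool" >&2
            return 2
        fi
    done

    # klist -s prints nothing; its exit status tells whether the
    # credential cache holds a valid, unexpired TGT.
    if ! klist -s; then
        echo "no valid TGT in the credential cache; run kinit first" >&2
        return 3
    fi

    # Host-based service principals use a lower-case host name, so
    # normalise the host before asking the KDC for the ticket.
    ck_host_lc=$(printf '%s' "$ck_host" | tr '[:upper:]' '[:lower:]')
    ck_principal="$ck_service/$ck_host_lc"

    # kvno requests a service ticket for the principal. The GSSAPI
    # mechanism needs a ticket for this same service, so a failure here
    # is a Kerberos problem (SPN, DNS, realm mapping), not a SASL one.
    if ! kvno "$ck_principal"; then
        echo "could not get a service ticket for $ck_principal" >&2
        return 4
    fi
    return 0
}
```

When the function returns 0, `klist` lists the new service ticket next to the TGT, and any remaining failure lies in the SASL exchange itself.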
More information about the Cyrus-sasl mailing list