Kerberos authentication using GSSAPI

Simo Sorce simo at redhat.com
Thu May 23 16:04:08 EDT 2019 

Are you able to obtain proper kerberos credentials outside of sasl ?
I would make sure you can manually get that going first.

Simo.

On Thu, 2019-05-23 at 18:47 +0000, Fan, Jan-fon wrote:
> Hi,
> I have been using a Python client script to do the authentication in our Linux environment and it's working properly.
> Now I need to write a C program to do the authentication and I am choosing Cyrus 2.1.27.
> After installation, I ran pluginviewer and it showed:
> 
> Installed and properly configured SASL (client side) mechanisms are:
>   GS2-IAKERB GS2-KRB5 GSSAPI DIGEST-MD5 EXTERNAL CRAM-MD5 PLAIN ANONYMOUS
> Available SASL (client side) mechanisms matching your criteria are:
>   GS2-IAKERB GS2-KRB5 GSSAPI DIGEST-MD5 EXTERNAL CRAM-MD5 PLAIN ANONYMOUS
> 
> So I think the installation is OK.
> 
> But after more than one week of trying, I am not able to make it work. Currently I got "generic failure" error message from the sasl_client_step.
> I will be appreciated if someone can send me a sample client program using GSSAPI mechanism.
> Below is my code:
> 
> int result;
> const char *data;
> unsigned len;
> const char *sasl_impl, *sasl_ver;
> sasl_interact_t *interactions = NULL;
> sasl_conn_t *conn;
> const char *chosenmech;
> char buf[2048];
> 
> sasl_security_properties_t secprops = {56, 256, 2048, SASL_SEC_PASS_CREDENTIALS, NULL, NULL };
> 
> sasl_callback_t callbacks[] = {
>                 { SASL_CB_AUTHNAME, NULL, NULL },
>                 { SASL_CB_PASS, NULL, NULL },
>                 { SASL_CB_LIST_END, NULL, NULL }};
> 
> result = sasl_client_init(callbacks);
> 
> result = sasl_client_new("HTTP", "SCVIMOPXJDAPP01.INTEL.COM", NULL, NULL, NULL, callbacks, SASL_SUCCESS_DATA, &conn);
> 
> sasl_setprop(conn, SASL_SEC_PROPS, &secprops);
> 
> result=sasl_client_start(conn, "GSSAPI", &interactions, &data, &len, &chosenmech);
> 
> result = sasl_client_step(conn, NULL, NULL, NULL, &data, &len);
> while (result == SASL_CONTINUE) {
>                 strcpy(buf, data);
>                 data=NULL;
>                 result = sasl_client_step(conn, buf, len, NULL, &data, &len);
> }
> 
> After the while loop, the result is -1 (generic failure).
> 
> Thanks,
> Jan

-- 
Simo Sorce
Sr. Principal Software Engineer
Red Hat, Inc

More information about the Cyrus-sasl mailing list