My network has a kerberos server for username/password authentication. Machines that run my application have functioning kerberos clients, so users can use kinit, etc.
我的网络有一个用于用户名/密码验证的kerberos服务器。运行我的应用程序的机器具有正常运行的kerberos客户端,因此用户可以使用kinit等。
How do I interact with the server programatically, from my own custom applications? The preferred language for an example is C.
如何从我自己的自定义应用程序以编程方式与服务器交互?示例的首选语言是C.
I want users of my application to authenticate against a kerberos server before access to certain functions. I anticipate having to ask them for their username and password - kinit may not have been called.
我希望我的应用程序的用户在访问某些功能之前对kerberos服务器进行身份验证。我预计不得不问他们的用户名和密码 - kinit可能没有被调用。
The machines hosting the applications run OS X and Debian/Linux.
托管应用程序的计算机运行OS X和Debian / Linux。
I believe the answer might well involve GSSAPI. If so, are there good tutorials for this?
我相信答案很可能涉及GSSAPI。如果是这样,有没有很好的教程?
3 个解决方案
#1
Sun covers this in their book Solaris Security for Developers Guide. Specifically helpful to you will probably be Appendix A - Sample C-based GSSAPI programs and Chapter 5 - GSS-API Client Example.
Sun在其“Solaris Security for Developers Guide”一书中介绍了这一点。对您有用的可能是附录A - 基于样本C的GSSAPI程序和第5章 - GSS-API客户端示例。
#2
Have a look at Heimdal, they have an extensive kerberos API, and the site below has a great doxygen install that describes the API.
看看Heimdal,他们有一个广泛的kerberos API,下面的网站有一个很好的doxygen安装来描述API。
#3
GSSAPI is indeed the recommended approach, but the precise details will depend on your language environment and whether you need interop with Windows. Is your kerberos provider Windows or something else?
GSSAPI确实是推荐的方法,但具体细节将取决于您的语言环境以及是否需要与Windows互操作。你的kerberos提供商是Windows还是别的什么?
On Windows, Kerberos is a native protocol supported by the OS, and many high level Win32 APIs will effectively give you it for free. Making it interop with a non Windows kerberos server is possible but not trivial.
在Windows上,Kerberos是操作系统支持的本机协议,许多高级Win32 API将有效地免费提供给您。使其与非Windows kerberos服务器互操作是可能的,但不是微不足道的。
On UNIX, you may first need to install kerberos client support and get that working - but if your network already has a kerberos server, this may have been done for you already.
在UNIX上,您可能首先需要安装kerberos客户端支持并使其正常工作 - 但如果您的网络已经有kerberos服务器,则可能已经为您完成了此操作。
Windows includes an implementation of GSSAPI as does Java, and most UNIX flavors have an implementation. I believe GSSAPI addons are available for PHP also.
Windows包含GSSAPI的实现,Java也是如此,大多数UNIX风格都有实现。我相信GSSAPI插件也适用于PHP。
If you can add more specifics on your requirements I can firm this answer up a bit.
如果您可以根据您的要求添加更多细节,我可以稍微确定一下这个答案。
#1
Sun covers this in their book Solaris Security for Developers Guide. Specifically helpful to you will probably be Appendix A - Sample C-based GSSAPI programs and Chapter 5 - GSS-API Client Example.
Sun在其“Solaris Security for Developers Guide”一书中介绍了这一点。对您有用的可能是附录A - 基于样本C的GSSAPI程序和第5章 - GSS-API客户端示例。
#2
Have a look at Heimdal, they have an extensive kerberos API, and the site below has a great doxygen install that describes the API.
看看Heimdal,他们有一个广泛的kerberos API,下面的网站有一个很好的doxygen安装来描述API。
#3
GSSAPI is indeed the recommended approach, but the precise details will depend on your language environment and whether you need interop with Windows. Is your kerberos provider Windows or something else?
GSSAPI确实是推荐的方法,但具体细节将取决于您的语言环境以及是否需要与Windows互操作。你的kerberos提供商是Windows还是别的什么?
On Windows, Kerberos is a native protocol supported by the OS, and many high level Win32 APIs will effectively give you it for free. Making it interop with a non Windows kerberos server is possible but not trivial.
在Windows上,Kerberos是操作系统支持的本机协议,许多高级Win32 API将有效地免费提供给您。使其与非Windows kerberos服务器互操作是可能的,但不是微不足道的。
On UNIX, you may first need to install kerberos client support and get that working - but if your network already has a kerberos server, this may have been done for you already.
在UNIX上,您可能首先需要安装kerberos客户端支持并使其正常工作 - 但如果您的网络已经有kerberos服务器,则可能已经为您完成了此操作。
Windows includes an implementation of GSSAPI as does Java, and most UNIX flavors have an implementation. I believe GSSAPI addons are available for PHP also.
Windows包含GSSAPI的实现,Java也是如此,大多数UNIX风格都有实现。我相信GSSAPI插件也适用于PHP。
If you can add more specifics on your requirements I can firm this answer up a bit.
如果您可以根据您的要求添加更多细节,我可以稍微确定一下这个答案。