Hi, I want to authenticate an Active Directory User using GSSAPI. The code would be in C++. To be specific here is the scenario:
1] End user adopts/creates one or more Active Directory users using any of the AD integration packages on Linux. 2] In my executable, which would be always running as root, I find out that I need to use AD user and authenticate using GSSAPI 3] I cannot impersonate as the user because that would change user context of whole process. 4] Therefore, I need to somehow find out whether there is already a ticket for that user available (Win32 SDK: AcquireCredentialsHandle, GSSAPI: GSSAPI::Name->import?) 5] If not, process would obtain one. 6] Get the ticket and initialize the security context (Win32SDK: InitializeSecurityContext, GSSAPI: GSSAPI::Context::init?) 7] Get the token and send it for authentication If the process is running in the user context which needs to be authenticated, it's easier and I have perl implemenation of it. But in this case, since process will always be running as root, I don't know if there is a way I can know/get ticket for authentication. Is there a sample/example that can, at least in parts if not completely, illustrate how this can be done using C/C++ somewhere? I found one link on MSDN but don't know whether that's the entire flow/ applicable: http://msdn.microsoft.com/en-us/library/ms995352.aspx Any comments would be welcome. Thanks in advance, -Neel. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
