On Tue, 2024-06-04 at 12:31 +0000, m_a_n_j_u_...@yahoo.com wrote: > Hi again, > > I am looking at the implementing this (getting Kerberos service > token) in C using Heimdal Kerberos library. > > In Golang using this go package https://github.com/alexbrainman/sspi > it was simply two calls as below: > > cred=negotiate.AcquireCurrentCredentials() > token = negotiate.NewClientContext(cred, spn) > > However it looks bit complex in C using MIT/Heimdal library. I am > looking at this example mentioned in the RFC here > https://datatracker.ietf.org/doc/html/rfc7546.html#section-5.1 > > Just checking if someone has done a similar thing and I am on the > right track. Thank you. >
You are comparing a full loop with just setting up the initial context. The two calls you have on those two lines are indeed equivalent to: maj = gss_acquire_cred(&min, acceptor_name, GSS_C_INDEFINITE, desired_mechs, cred_usage, creds, actual_mechs, NULL); and maj = gss_init_sec_context(min, init_cred, &init_ctx, accept_name, mech_type, GSS_C_DELEG_FLAG, req_lifetime, GSS_C_NO_CHANNEL_BINDINGS, &accept_token, NULL, &init_token, NULL, NULL); Where all those variables are set to default values. Of course this is missing all error handling, and, if you use defaults it will miss many nuances. As Ken suggested you should look at real examples, libcurl may be a way, I can also suggest this library of mine: ttps://github.com/gssapi/mod_auth_gssapi/blob/master/src/mod_auth_gssap i.c -- Simo Sorce Distinguished Engineer RHEL Crypto Team Red Hat, Inc ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos