
Uncomplete context case? about cross-krb5 CLOSED

Geobert avatar Geobert commented on August 29, 2024
Uncomplete context case?

from cross-krb5.

Comments (3)

estokes avatar estokes commented on August 29, 2024

It was probably a mistake to add that flag. The thing is this library is able to be simple because it is focused on using Kerberos cross platform, however what you're trying to do is use SPNEGO, which is an entirely different GSSAPI mechanism. My understanding is that SPNEGO could result in both sides needing to exchange an arbitrary number of tokens, and negotiating the use of any mechanism supported by gssapi (or sspi in your case). Quite likely your application is actually using ntlm, or certificates, or who knows what.

The point I'm trying to make is, if I tried to build a cross platform high level interface to gssapi/sspi it wouldn't be simple, and the corner cases and bugs I would likely hit are honestly terrifying. IMHO gssapi and sspi should never have existed in the first place, they are trying to make things that aren't remotely similar accessible by one interface.

Rants aside, I'm not sure I want to embark on trying to wrap both these complex beasties up in a high level easy to use library. I will give it some thought. In the meantime I think your best bet is to use the code in windows.rs as an example of how your application can use SSPI to authenticate a web client. You will likely need to generalize it to exchange however many tokens the underlying mechanism you are actually using wants to exchange, but it otherwise should be mostly what you want.


estokes avatar estokes commented on August 29, 2024

Hi @Geobert, it seems I was wrong, while debugging channel bindings I found that I had oversimplified the api even for Kerberos. I had thought that the Kerberos mechanism would always resolve after 1 client token and 1 server token, but unfortunately that isn't the case. Specifically when something goes wrong, multiple tokens need to be exchanged in order to get a readable explanation of what happened, and there might be other cases as well.

I've reworked the api to allow exchanging an arbitrary number of tokens, and I wonder if that will fix your problem.
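
The exchange of an arbitrary number of tokens described in the comment above, as an added example that is not part of the thread and is not cross-krb5's code. `Step`, `Party`, `Scripted` and `handshake` are hypothetical names, the tokens are constructed bytes, and mutual authentication is assumed.

```rust
// Added illustration with hypothetical types; this is not the cross-krb5 API.
#[derive(Debug, PartialEq)]
pub enum Step {
    Continue(Vec<u8>),         // not established yet: send this token to the peer
    Finished(Option<Vec<u8>>), // established, with an optional last token to send
}

pub trait Party {
    fn step(&mut self, peer_token: &[u8]) -> Result<Step, String>;
}

/// Constructed stand-in for one side of a mechanism: replies are played in order.
pub struct Scripted(pub Vec<Result<Step, String>>);

impl Party for Scripted {
    fn step(&mut self, _peer_token: &[u8]) -> Result<Step, String> {
        if self.0.is_empty() { Err("no reply scripted".into()) } else { self.0.remove(0) }
    }
}

/// Relay tokens until both sides are established; returns how many were delivered.
/// Assumes mutual authentication, so neither side is done before it has seen a token.
pub fn handshake<C: Party, S: Party>(
    client: &mut C, server: &mut S, first: Vec<u8>, max_tokens: usize,
) -> Result<usize, String> {
    let (mut token, mut to_server) = (first, true);
    let (mut client_done, mut server_done) = (false, false);
    for delivered in 1..=max_tokens {
        if (to_server && server_done) || (!to_server && client_done) {
            return Err("token received after the context was established".into());
        }
        let step = if to_server { server.step(&token)? } else { client.step(&token)? };
        if let Step::Finished(_) = step {
            if to_server { server_done = true } else { client_done = true }
        }
        match step {
            Step::Continue(t) | Step::Finished(Some(t)) => token = t,
            Step::Finished(None) if client_done && server_done => return Ok(delivered),
            Step::Finished(None) => return Err("one side finished, peer still pending".into()),
        }
        to_server = !to_server;
    }
    Err("token limit exceeded".into()) // bound the exchange; never loop on peer input
}

fn main() {
    let mut c = Scripted(vec![Ok(Step::Finished(None))]);
    let mut s = Scripted(vec![Ok(Step::Finished(Some(vec![2])))]);
    println!("{:?}", handshake(&mut c, &mut s, vec![1], 8)); // constructed tokens
}
```

The `max_tokens` bound and the check for tokens arriving after establishment keep a misbehaving peer from driving the loop indefinitely.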


Geobert avatar Geobert commented on August 29, 2024

Hi, thanks for the heads up, but we've forked the windows.rs and I've customized it to fit our needs (removed parameters here and there, etc.) and reached a stage where it fulfills our needs.

I'll keep you posted if we decide to switch back to your crate :)
