8

Are there examples which show how Delphi invokes the Active Directory Kerberos server to request a ticket granting ticket / normal ticket?

Background: the ticket is required for authentication to a web service which exchanges confidential information.

Edit: a short source code example would be very helpful. I have found the JEDI Windows Security Code Library which is very impressive. I am not sure if it contains support for Kerberos.

mjn

2 Answers

6

According to this you should be able to get one with the InitializeSecurityContext Windows API call.

Stijn Sanders
  • Thank you for the link - however to use it in Delphi it looks like many API record structures have to be created and filled first. I have started a bounty, maybe somebody can share some code. – mjn Jun 30 '09 at 08:42
  • 1
    Most Win32 API headers have been converted under the JEDI project (http://jedi-apilib.sourceforge.net/), and if it's not there I usually use Google's codesearch (http://www.google.com/codesearch?q=initializesecuritycontext+lang:pascal) to find what I need. – Stijn Sanders Jun 30 '09 at 10:01
  • 1
    There is some old code here http://cc.embarcadero.com/Item/16213 that demonstrates how to call InitializeSecurityContext with NTLM credentials. It may be a decent start for anyone attempting to get a Kerberos ticket. – Mattl Jul 04 '12 at 10:39
1

First read Kerberizing Applications Using Security Support Provider Interface to get the general idea. InitializeSecurityContext is described as follows:

Initiates a security context by generating a security token that must be passed to the server. The application that uses this function is called an SSPI client.

On MSDN, the list of SSPI functions can be found in Authentication Functions.

For actual example code, see the Win32 samples' SSPI page. You will probably find client.cpp useful. Another similar example is GssClient.c. Both samples run it in a loop because the conversation keeps going if SEC_I_CONTINUE_NEEDED is returned.

Eugene Yokota
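The first round of the InitializeSecurityContext conversation described in the answers, written in Delphi as an added example (it is not code from either answer or from the linked samples). It assumes Delphi 2009 or later, a domain logon session, hand-declared SSPI types instead of the JEDI headers, and a constructed placeholder SPN `HTTP/webservice.example.com`.

```delphi
program KerberosTokenDemo;
{$APPTYPE CONSOLE}
uses Windows, SysUtils;
const  // values from the Windows SDK headers sspi.h and winerror.h
  SECPKG_CRED_OUTBOUND = 2; ISC_REQ_MUTUAL_AUTH = $2; ISC_REQ_ALLOCATE_MEMORY = $100;
  SECURITY_NATIVE_DREP = $10; SECBUFFER_TOKEN = 2; SEC_I_CONTINUE_NEEDED = $00090312;
type
  TSecHandle = record dwLower, dwUpper: NativeUInt; end;
  TSecBuffer = record cbBuffer, BufferType: Cardinal; pvBuffer: Pointer; end;
  TSecBufferDesc = record ulVersion, cBuffers: Cardinal; pBuffers: ^TSecBuffer; end;
function AcquireCredentialsHandleW(Principal, PackageName: PWideChar; CredUse: Cardinal;
  LogonId, AuthData, GetKeyFn, GetKeyArg: Pointer; var Cred: TSecHandle;
  var Expiry: Int64): Longint; stdcall; external 'secur32.dll';
function InitializeSecurityContextW(Cred, Ctx: Pointer; Target: PWideChar;
  ContextReq, Reserved1, DataRep: Cardinal; InBufs: Pointer; Reserved2: Cardinal;
  NewCtx: Pointer; var OutBufs: TSecBufferDesc; var Attrs: Cardinal;
  var Expiry: Int64): Longint; stdcall; external 'secur32.dll';
function FreeContextBuffer(P: Pointer): Longint; stdcall; external 'secur32.dll';
function DeleteSecurityContext(Ctx: Pointer): Longint; stdcall; external 'secur32.dll';
function FreeCredentialsHandle(Cred: Pointer): Longint; stdcall; external 'secur32.dll';

// Returns the SSPI status; Token receives the security token to pass to the server.
function GetKerberosToken(const SPN: string; out Token: TBytes): Longint;
var
  Cred, Ctx: TSecHandle; OutBuf: TSecBuffer; OutDesc: TSecBufferDesc;
  Attrs: Cardinal; Expiry: Int64;
begin
  Token := nil;
  // AuthData = nil: use the credentials of the currently logged-on user.
  Result := AcquireCredentialsHandleW(nil, 'Kerberos', SECPKG_CRED_OUTBOUND,
    nil, nil, nil, nil, Cred, Expiry);
  if Result < 0 then Exit;  // SSPI error codes are negative
  try
    OutBuf.cbBuffer := 0; OutBuf.BufferType := SECBUFFER_TOKEN; OutBuf.pvBuffer := nil;
    OutDesc.ulVersion := 0; OutDesc.cBuffers := 1; OutDesc.pBuffers := @OutBuf;
    Result := InitializeSecurityContextW(@Cred, nil, PWideChar(SPN),
      ISC_REQ_MUTUAL_AUTH or ISC_REQ_ALLOCATE_MEMORY, 0, SECURITY_NATIVE_DREP,
      nil, 0, @Ctx, OutDesc, Attrs, Expiry);
    if Result < 0 then Exit;
    SetLength(Token, OutBuf.cbBuffer);
    if OutBuf.cbBuffer > 0 then Move(OutBuf.pvBuffer^, Token[0], OutBuf.cbBuffer);
    FreeContextBuffer(OutBuf.pvBuffer);  // buffer was allocated by SSPI
    // This demo stops after round one. On SEC_I_CONTINUE_NEEDED a full client keeps
    // Ctx and calls again with the server's reply as InBufs, as the C samples loop.
    DeleteSecurityContext(@Ctx);
  finally
    FreeCredentialsHandle(@Cred);
  end;
end;

var Tok: TBytes; Status: Longint;
begin
  Status := GetKerberosToken('HTTP/webservice.example.com', Tok);  // constructed SPN
  Writeln('status=0x', IntToHex(Status, 8), ' token bytes=', Length(Tok),
    ' continue=', BoolToStr(Status = SEC_I_CONTINUE_NEEDED, True));
end.
```

Take the SPN from trusted client configuration rather than from anything the server sends, since it decides which service the ticket is issued for.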