0

I have successfully installed ldap and kerberos. I was also able to make a simple c program with SASL/GSSAPI to search data in my ldapserver?

But I was not find any article (that I can follow easily) on how to use the the single sign on functionality in a client server system? I am not even sure how the communication between client and server happens in SSO.

How would a server know that client is a valid client?
Are there any sample examples/tutorials to make such a system?

Edit: The server can be as simple as receiving hello from authenticated client. So client should have kerberos ticket and server should verify the ticket if it is valid or not.

Gaurav
  • 2,003
  • 1
  • 25
  • 50
  • Please tell us more about your client and server setup, then I will be able to help you get started. – Michael-O Aug 09 '13 at 20:24
  • @Michael-O the server is running in linux environment and I could connect to it using linux client but i want to connect to it using a simple windows program – Gaurav Aug 13 '13 at 11:44
  • If you want to connect with a Windows app, you need to use [Windows's implementation](http://msdn.microsoft.com/en-us/library/windows/desktop/aa379453%28v=vs.85%29.aspx) of SASL. It has GSS-API support. As far as I know, Cyrus SASL does not support GSS-API on Windows. – Michael-O Aug 13 '13 at 12:52

1 Answers1

0

I could compile gsspapi program using libs and dll provided by MIT. the files I needed were gsskrb5.dll,gssapi32.lib,comerr32.lib

These will depend upon the version of kerberos for which they were compiled but I was successful in compiling the example given by mit http://web.mit.edu/macdev/KfM/KerberosFramework/Kerberos5/Tools/GSSExample/ using MinGW gcc compiler after few tweaks.

However I could not communicate successfully using SSPI api by microsoft (that may be due to my lack of knowledge)

Gaurav
  • 2,003
  • 1
  • 25
  • 50