I want to make a program to do traffic authorization using GSS-API/Kerberos. So far I can contact a SSOS and get a service ticket. If the user does not have a TGT, I am doing something similar to kinit in my code.
My code ends with the user having both TGT and service ticket in its cache. The following method will read the token sent by the server.
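majorStatus = gss_unwrap(&minorStatus,
                         inContext,
                         &inputBuffer,   /* wrapped token received from the peer */
                         &outputBuffer,  /* filled in by gss_unwrap with the unwrapped message */
                         &encrypted,     /* set non-zero if confidentiality was applied */
                         NULL);          /* QOP state not requested */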
Right now the outputBuffer is empty. I mean, I am not passing anything myself. Should I be?
I want to contact another server (the service) who will check my ticket and, if valid, allow me to send traffic through him.
Using GSSAPI, how do I validate such a thing? I am aware of methods such as wrap/unwrap. Where is the service session key stored in the client? After I receive the ticket in the service server, how do I validate it?
I am sorry if I am mixing up some concepts, but it's the first time I am working with such a complex API.
Thanks in advance...