0

Sorry for my question if it's obvious but I came from developing in the embedded world.

I m trying to develop a simple windows application in c/c++ to authenticate through KDC using either GSSAPI or Kerberos API directly. The assumption is the KDC and the server components are already in place. I think I understand how the whole process of authentication through Kerberos works between client, server and the KDC.

The problem is I don't know where to start to start using the GSSAPI or Kerberos API. I m using window 8 with visual studio 2013. Does windows SDK already pre-package with GSSAPI/Kerberos V5 API(maybe SSPI) for developer to start calling? I read on the web that application would need to go through SSPI to access the Kerberos API. Is that true? Seems like I can also download the Kerberos V5 SDK from MIT website but getting it to compile in windows is not simple.

I guess my question is what do I need to get start? I am struggling to see how all these different pieces fit together. Anyone who went through what I m going through or who can help is much appreciated.

Thanks

tykt77
  • 11
  • 1
  • 3
  • 1
    I voted to close your question as too broad because as I see it it lacks a specific well defined scope. Can you try to narrow it down a lit bit? – Daniel Jour Sep 21 '17 at 20:07
  • 2
    The Windows OS leverages SSPI to speak Kerberos to the KDC (which btw runs on an Active Directory domain controller). You're chasing down the wrong path thinking you need to use GSSAPI or Kerberos API or by thinking you need to download the Kerberos V5 SDK from MIT. You need none of those things, as SSPI is the GSSAPI equivalent on Windows and contains the Microsoft version of the Kerberos APIs anyway. – T-Heron Sep 21 '17 at 23:55
  • @T-Heron, I think understand my problem. So you suggested I should just focus on using SSPI to get my application to talk Kerberos with the KDC and the service server since SSPI can talk Kerberos anyway. I think I will start with that. As a follow up question, since I am writing my client app in c/c++ and if I want this client app to be ported to a *nix system will it make sense then to use the Kerberos SDK directly from MIT? Thanks. – tykt77 Sep 25 '17 at 19:15

1 Answers1

1

I came across the same problem and saw this Q unanswered if someone hasn't had much experience in this domain then it might makes sense to look at the following:

On *nix you mostly have to rely on GSSAPI, they are popular hopefully there will be a port for your environment.

amritanshu
  • 777
  • 13
  • 25