Client / Server Authentication

Sep 27, 2011 at 10:18 AM

I've been reading a lot on various forums about GSS , SPNEGO , JAAS etc and I think I'm beginning to go in circles so I'm looking for some help to clarify things and see if what I want to do is even possible.


What I'd like to be able to do is to somehow get the kerberos ticket of the currently signed in user on a windows machine (via java or c#), and pass that to a remote server (java on linux) and have the server validate that ticket and allow the user to login to an app.

I've tried various routes, and it seems that with Waffle I can get a users token as a byte[] , but how can I get the server to validate that. I've tried doing 

gsscontext.acceptSecContext(token, 0, token.length); 

on the server side but I get errors along the lines of :

GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag)

I'm pretty sure theres just something obvious I'm missing and I'm feeling quite dumb now.

Any help or advice gratefully received.

Sep 28, 2011 at 12:50 AM

There's a long thread in Waffle <> GSSAPI here. No solution to specifically what you're asking, but it's a start.