Custom transport for Kerberos initial authentication made easy in Heimdal


The Kerberos Heimdal development team announced support for a new feature that lets a programmer get a handle on the Kerberos AS-REQ, AS-REP, TGS-REQ and TGS-REP packets used during initial authentication (acquisition of a TGT) and feed them to a function that implements the Kerberos state machine. With this feature the programmer can use any custom transport protocol to communicate with KDCs. The skeleton of a function for obtaining a TGT would look as follows:

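Get_Kerberos_TGT()
{
    while (1) {
        /* Feed the last KDC reply to the state machine and get the next request */
        ret = krb5_init_creds_step(ctx, inpacket, &outpacket);
        if (ret != CONTINUE)
            break;   /* state machine finished: success or error */
        /* Caller-supplied transport: send outpacket to the KDC, store the reply in inpacket */
        krb5_send_to_kdc_using_custom_transport(outpacket, &inpacket);
    }
}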
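
With a custom transport, the caller becomes responsible for handing the state machine exactly one complete KDC message per step. The following added example (not from the original post and not Heimdal code) validates a received frame before it is passed on, assuming the transport reuses the 4-byte length prefix that RFC 4120 defines for Kerberos over TCP; `kdc_unframe`, `enum kdc_msg` and `KDC_MAX_MSG` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical names for this example; not part of Heimdal.
 * Values are the ASN.1 APPLICATION tag numbers from RFC 4120. */
enum kdc_msg { KDC_BAD = -1, KDC_AS_REQ = 10, KDC_AS_REP = 11,
               KDC_TGS_REQ = 12, KDC_TGS_REP = 13, KDC_ERROR = 30 };

#define KDC_MAX_MSG (64u * 1024u)   /* assumed local policy limit */

/* Validate one frame: 4-byte big-endian length (high bit reserved,
 * must be zero) followed by exactly one DER-encoded Kerberos message.
 * On success returns the type and points *msg / *msg_len at the
 * payload to give to the state machine; otherwise returns KDC_BAD. */
enum kdc_msg kdc_unframe(const uint8_t *buf, size_t n,
                         const uint8_t **msg, size_t *msg_len)
{
    if (n < 4 || (buf[0] & 0x80))
        return KDC_BAD;
    uint32_t len = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
                   ((uint32_t)buf[2] << 8) | buf[3];
    if (len < 2 || len > KDC_MAX_MSG || len != n - 4)
        return KDC_BAD;
    const uint8_t *p = buf + 4;

    /* Outer tag: APPLICATION class, constructed, low tag number. */
    if ((p[0] & 0xe0) != 0x60)
        return KDC_BAD;
    int type = p[0] & 0x1f;
    if (type != KDC_AS_REQ && type != KDC_AS_REP && type != KDC_TGS_REQ &&
        type != KDC_TGS_REP && type != KDC_ERROR)
        return KDC_BAD;

    /* Outer length: short form, or long form with 1..4 length octets. */
    size_t hdr = 2, body = p[1];
    if (p[1] & 0x80) {
        size_t k = p[1] & 0x7f;
        if (k == 0 || k > 4 || len < 2 + k)
            return KDC_BAD;
        body = 0;
        for (size_t i = 0; i < k; i++)
            body = (body << 8) | p[2 + i];
        hdr = 2 + k;
    }
    if (body != len - hdr)      /* encoded length must fill the frame */
        return KDC_BAD;
    *msg = p;
    *msg_len = len;
    return (enum kdc_msg)type;
}
```

Only the outer envelope is checked here; full decoding and all cryptographic verification of the reply remain the job of the Kerberos library.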
