hc-httpclient-users mailing list archives

From Vincent Partington <vparting...@xebialabs.com>
Subject Fully established GSSContext for Kerberos encryption (wrapping)
Date Mon, 22 Jul 2013 15:58:08 GMT
Hi there,

The open source library Overthere <https://github.com/xebialabs/overthere> that I maintain
uses HttpClient to connect to Windows machines using WinRM. The current version can already
use HttpClient to authenticate using the Kerberos and SPNego mechanisms, but I also want to
add support for Kerberos encryption (wrapping, see https://github.com/xebialabs/overthere/issues/43).

For that I need the GSSContext to be "established", but due to the way the KerberosScheme and
the SPNegoScheme work with the GSSContext, it never is. The final token used in the Kerberos
handshake is never passed to the initSecContext method on the GSSContext. I've found a way
to do that but it boils down to ripping the stuff that happens inside the KerberosScheme out
of it so that I can do it once at the beginning and then reuse the same GSSContext for multiple
requests as well as feed it the response token when it comes back. But it feels kinda strange
to have to handle it at this level.

Am I missing something? Or is this feature just missing? Can I help add it?

Regards, Vincent.
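
The handshake the message describes, written against the standard JGSS API as an added example (not part of the original post, and not code from Overthere or HttpClient): the server's final token is fed back into `initSecContext` so the context becomes established before `wrap` is used. The `TokenExchange` interface, the class and method names, and the `HTTP@host` service name are assumptions for illustration; the caller is assumed to already hold Kerberos credentials (for example by running inside `Subject.doAs`).

```java
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.MessageProp;
import org.ietf.jgss.Oid;

public final class EstablishedContextExample {
    // Hypothetical transport: one HTTP round trip that sends our token and
    // returns the token from the server's reply (null if it sent none).
    public interface TokenExchange {
        byte[] roundTrip(byte[] outToken) throws Exception;
    }

    // Runs the handshake to completion, consuming the server's final token.
    public static GSSContext establish(String host, TokenExchange transport) throws Exception {
        GSSManager manager = GSSManager.getInstance();
        Oid krb5 = new Oid("1.2.840.113554.1.2.2"); // Kerberos V5 mechanism OID
        GSSName spn = manager.createName("HTTP@" + host, GSSName.NT_HOSTBASED_SERVICE);
        GSSContext ctx = manager.createContext(spn, krb5, null, GSSContext.DEFAULT_LIFETIME);
        ctx.requestMutualAuth(true); // the server must answer with a token of its own
        ctx.requestConf(true);       // ask for confidentiality so wrap() can encrypt
        ctx.requestInteg(true);

        byte[] in = new byte[0];
        while (!ctx.isEstablished()) {
            byte[] out = ctx.initSecContext(in, 0, in.length);
            byte[] reply = (out != null) ? transport.roundTrip(out) : null;
            if (ctx.isEstablished()) break;
            if (reply == null) {
                throw new IllegalStateException("no reply token, context cannot be established");
            }
            in = reply; // feed the server's token back into the same context
        }
        if (!ctx.getConfState()) {
            throw new IllegalStateException("confidentiality was not granted");
        }
        return ctx;
    }

    // Encrypts one payload with an established context; fails closed otherwise.
    public static byte[] seal(GSSContext ctx, byte[] plaintext) throws GSSException {
        if (!ctx.isEstablished()) throw new IllegalStateException("context not established");
        MessageProp prop = new MessageProp(0, true); // default QOP, privacy requested
        byte[] sealed = ctx.wrap(plaintext, 0, plaintext.length, prop);
        if (!prop.getPrivacy()) throw new IllegalStateException("payload was signed but not encrypted");
        return sealed;
    }
}
```

The same `GSSContext` returned by `establish` has to be kept and reused for later requests, since `wrap` and `unwrap` depend on its session state; how the sealed bytes are framed in a WinRM request is outside this example.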
