I did an C++ application which supposes to use Kerberos authentication to access HDFS. This application has webserver written on C++ as well.

I'm trying to make transparent authentication in this application with Kerberos ticket.

I made my server response to unauthorized user with:

HTTP/1.1 401 Unauthorized

WWW-Authenticate: Negotiate

The browser reacts with an Authorization field in the header which is looks like this:

Authorization: Negotiate YIIECgYGKwYBBQUCoIID/jCCA/qgCjAIBg...

At this point I got confused about further negotiation with browser to get a proper Kerberos ticket from it.

As I understand I have to use GSSAPI from kerberos5 library to process this Negotiation to acquire the ticket. But I have no idea how to achieve that.

1 Answers

Michael-O On

Inspect mod_auth_gssapi or use a ready to go web server like Apache Web Server.