On Mon, 2013-07-22 at 15:58 +0000, Vincent Partington wrote: > Hi there, > > The open source library Overthere <https://github.com/xebialabs/overthere> > that I maintain use HttpClient to connect to Windows machines using WinRM. > The current version can already use HttpClient to authenticate using the > Kerberos and SPNego mechanisms, but I also want to add support for Kerberos > encryption (wrapping, see https://github.com/xebialabs/overthere/issues/43). > > For that I need the GSSContext to be "established" but due to the way the > KerberosScheme and the SPNegoScheme work with the GSSContext is never is. The > final token used in the Kerberos handshake is never passed to the > initSecContext method on the GSSContext. I've found a way to do that but it > boils down to ripping the stuff that happens inside the KerberosScheme out of > it so that I can do it once at the beginning and then reuse the same > GSSContext for multiple requests as well as feed it the response token when > it comes back. But it feels kinda strange to have to handle it at this level. > > Am I missing something? Or is this feature just missing? Can I help add it? > > Regards, Vincent. > >
Vincent We have no good Kerberos / SPNego expertise within the project and mostly rely on external contributors to improve those auth schemes. Just raise a JIRA for this issue and propose a solution by submitting a patch. It is quite likely this is still enough time to get your changes in before 4.3 GA. Cheers Oleg --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
