Hi Oleg,

OK, I was already afraid I was heading into uncharted waters here. ;-) I've already got a handle on how to solve it in Overthere itself but I'll see if I can make my approach into a more general solution for Kerberos encryption in HttpClient.

What is the timeline for 4.3 GA?

Thanks!

Regards, Vincent.

On 23-07-13 09:26, "Oleg Kalnichevski" <[email protected]> wrote:

> On Mon, 2013-07-22 at 15:58 +0000, Vincent Partington wrote:
>> Hi there,
>>
>> The open source library Overthere <https://github.com/xebialabs/overthere> that I maintain uses HttpClient to connect to Windows machines using WinRM. The current version can already use HttpClient to authenticate using the Kerberos and SPNego mechanisms, but I also want to add support for Kerberos encryption (wrapping, see https://github.com/xebialabs/overthere/issues/43).
>>
>> For that I need the GSSContext to be "established", but due to the way the KerberosScheme and the SPNegoScheme work, the GSSContext never is. The final token used in the Kerberos handshake is never passed to the initSecContext method on the GSSContext.
>>
>> I've found a way to do that but it boils down to ripping the stuff that happens inside the KerberosScheme out of it so that I can do it once at the beginning and then reuse the same GSSContext for multiple requests as well as feed it the response token when it comes back. But it feels kinda strange to have to handle it at this level.
>>
>> Am I missing something? Or is this feature just missing? Can I help add it?
>>
>> Regards, Vincent.
>
> Vincent
>
> We have no good Kerberos / SPNego expertise within the project and mostly rely on external contributors to improve those auth schemes. Just raise a JIRA for this issue and propose a solution by submitting a patch. It is quite likely there is still enough time to get your changes in before 4.3 GA.
>
> Cheers
>
> Oleg
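
The handshake step discussed in this thread, as an added example that is not code from Overthere or HttpClient: a plain JGSS initiator loop that feeds the server's reply token back into initSecContext until the context is established, and only then calls wrap(). Assumptions: the `exchange` function is a hypothetical transport callback that performs one HTTP round trip, Kerberos credentials are already available to JGSS (for example through a JAAS login), and the class and method names are made up for illustration.

```java
import java.util.function.Function;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.MessageProp;
import org.ietf.jgss.Oid;

public final class EstablishedContextExample {
    private static final String KRB5_MECH_OID = "1.2.840.113554.1.2.2"; // Kerberos V5

    /**
     * exchange (hypothetical): sends our token as "Authorization: Negotiate <base64>"
     * and returns the decoded token from the response's "WWW-Authenticate: Negotiate"
     * header, or an empty array if the server sent none.
     */
    public static GSSContext establish(String spn, Function<byte[], byte[]> exchange)
            throws GSSException {
        GSSManager manager = GSSManager.getInstance();
        GSSName server = manager.createName(spn, GSSName.NT_HOSTBASED_SERVICE); // e.g. "HTTP@host"
        GSSContext ctx = manager.createContext(
                server, new Oid(KRB5_MECH_OID), null, GSSContext.DEFAULT_LIFETIME);
        ctx.requestMutualAuth(true); // server must answer with a final token
        ctx.requestConf(true);       // ask for confidentiality so wrap() can encrypt
        ctx.requestInteg(true);

        byte[] in = new byte[0];
        while (!ctx.isEstablished()) {
            byte[] out = ctx.initSecContext(in, 0, in.length);
            if (out != null && out.length > 0) {
                // The reply token is the one that must come back into initSecContext.
                byte[] reply = exchange.apply(out);
                in = (reply != null) ? reply : new byte[0];
            } else if (!ctx.isEstablished()) {
                throw new IllegalStateException("handshake stalled before establishment");
            }
        }
        return ctx; // reusable for wrap()/unwrap() on later requests
    }

    public static byte[] seal(GSSContext ctx, byte[] plaintext) throws GSSException {
        if (!ctx.isEstablished() || !ctx.getConfState()) {
            throw new IllegalStateException("context cannot encrypt yet");
        }
        MessageProp prop = new MessageProp(0, true); // default QOP, privacy requested
        byte[] token = ctx.wrap(plaintext, 0, plaintext.length, prop);
        if (!prop.getPrivacy()) {
            throw new IllegalStateException("wrap() did not apply confidentiality");
        }
        return token;
    }
}
```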
