Hi all!

I have compiled and successfully tested draft version of library with kerberos authentication code extracted from lighttpd. For the present I have no clear idea how to smoothly integrate kerberos authentication into "http" function

If there is no "Authorization: Negotiate ..." header in the http-request, then pil should answer with 401:
(de http401 ()
   (httpStat 401 "Unauthorized" "WWW-Authenticate: Negotiate") )
If there is "Authorization: Negotiate..." header, pil calls helper library with base64 encoded blob from "Authorization" header. The helper library does kerberos authentication against domain controller and in case of success it writes delegated credentials of the user into temporary cache. That cache can be used for delegated authentication on other domain resources. E.g. pil can call ldapsearch, ldapwhoami etc. Also, login name of the authenticated user is known at this time, and can be used by pil to check/create user in the database...

Best regards,
UNSUBSCRIBE: mailto:picolisp@software-lab.de?subject=Unsubscribe

Reply via email to