Re: A little report about kerberos authentication

[Alexander Burger]

Hi all,

On Wed, May 23, 2012 at 09:07:18AM +0600, Mansur Mamkin wrote:
 I think all right with Libraries

OK. Done :)
-- 
UNSUBSCRIBE: mailto:picolisp@software-lab.de?subject=Unsubscribe

Re: A little report about kerberos authentication

[Mansur Mamkin]

Hi all!
I'm glad to share fresh-prepared kerbauth library (README included in 
the tarball): http://picolisp.com/5000/!wiki?kerbauth

Comments and questions are welcome.

Best regards,
Mansur Mamkin


--
UNSUBSCRIBE: mailto:picolisp@software-lab.de?subject=Unsubscribe

Re: A little report about kerberos authentication

[Alexander Burger]

Hi Mansur,

 For the present I have no clear idea how to smoothly integrate
 kerberos authentication into http function
 
 If there is no Authorization: Negotiate ... header in the
 http-request, then pil should answer with 401:
 ---
 (de http401 ()
(httpStat 401 Unauthorized WWW-Authenticate: Negotiate) )
 ---
 If there is Authorization: Negotiate... header, pil calls helper
 library with base64 encoded blob from Authorization header.

The HTTP header is parsed in the function '_htHead', local to 'http'.

You could introduce a new global variable '*Authorization'. Insert it
into the third line of 'http'

  (off *Authorization *Post ...)

and put a new clause in the 'cond' of '_htHead' where the HTTP headers
are parsed

  (cond
 ((match '(~(chop Authorization: ) . @X) L)
(setq *Authorization @X) )
 ((match '(~(chop Host: ) . @X) L)
(fifo 'Pil (cons '_htHost @X)) )
 ...

Then you can check the value of '*Authorization' in the application
whenever needed.

Does this help?

Cheers,
- Alex
-- 
UNSUBSCRIBE: mailto:picolisp@software-lab.de?subject=Unsubscribe