How can I get a Kerberos ticket with Delphi?
Asked Answered
A

2

8

Are there examples which show how Delphi invokes the Active Directory Kerberos server to request a ticket granting ticket / normal ticket?

Background: the ticket is required for authentification to a web service which exchanges confidential information.

Edit: a short source code example would be very helpful. I have found the JEDI Windows Security Code Library which is very impressing. I am not sure if it contains support for Kerberos.

Arjan answered 27/6, 2009 at 8:14 Comment(1)
see quality.embarcadero.com/browse/RSP-15455Arjan
C
6

According to this you should be able to get one with the InitializeSecurityContext windows API call.

Crossroads answered 27/6, 2009 at 8:55 Comment(3)
Thank you for the link - however to use it in Delphi it looks like many API record structures have to be created and filled first. I have started a bounty, maybe somebody can share some code.Arjan
Most Win32 API headers have been converted under the JEDI project (jedi-apilib.sourceforge.net), and if it's not there I usually use google's codesearch (google.com/codesearch?q=initializesecuritycontext+lang:pascal) to find hat I need.Crossroads
There is some old code here cc.embarcadero.com/Item/16213 that demonstrates how to call InitializeSecurityContext with NTLM credentials. It may be a decent start for anyone attempting to get a Kerberos ticket.Tillford
F
1

First read Kerberizing Applications Using Security Support Provider Interface to get the general idea. InitializeSecurityContext is described as following:

Initiates a security context by generating a security token that must be passed to the server. The application that uses this function is called an SSPI client.

On msdn, the list of SSPI functions can be found in Authentication Functions.

For actual example code, see Win32 samples's SSPI page. You probably find client.cpp to be useful. Another similar example is GssClient.c. Both code are running it in a loop because the conversation keeps going if SEC_I_CONTINUE_NEEDED is returned.

Figurate answered 4/7, 2009 at 19:44 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.