On Tue, 26 Sep 2006 22:11:37 +0800
"lizhong" wrote:

> You can see that the "token" in jdk and C lib in linux are a little different.The msg sent by the java client is like this:
> ++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++
> | token.length(4Bytes) | token("token.length" bytes) |
> ++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++
> But the C server receives msgs in this form:
> ++++++++++++++++++++++++++++++++++++++++++++++++++ +++++++++++++++++++++++++++
> | flags(1Byte) | token->length(4bytes) | token("token->length" bytes) |
> ++++++++++++++++++++++++++++++++++++++++++++++++++ +++++++++++++++++++++++++++
> I can change the code of C server to meet the form of the token generated by java, but I don't know how are the tokens generated by java. The "token" of java implements obviously includes the "flag" value, and the "flag" value is not a part of token in C implements.
> Could someone help me with this ? Thank you !

GSSAPI does not define how tokens are exchanged between the client and
server. GSSAPI only specifies that a token emitted by initSecContext
will be suitable for consumption by an acceptSecContext routine and
any token emitted by acceptSecContext will be adequate for passing to

In short, add a 1 byte flags field and make sure the length field is
encoded using the same endianess. Then it will work.


Michael B Allen
PHP Active Directory SSO
Kerberos mailing list Kerberos@mit.edu