Kerberos, GSSAPI and WS
I've a problem and for my knowledge, I'm
not able to solve... I hope in some pointers...
I'm developing a webservice. The client of this SOAP
webservice is written in perl and uses GSSAPI.
For preventing from replay attacks, I would like to make
mutual authentication with my server.
Now, the problem is: in this webservice (the client part),
I call GSSAPI_import, and then I start a context with context_init(),
with the GSS_C_MUTUAL_FLAG set and with GSS_C_NO_CHANNEL_BINDINGS.
First question: what is this flag: GSS_C_NO_CHANNEL_BINDINGS?
Then I send the token to the server via a soap message.
The server should validate the token and returns with another token,
for mutual authentication.
At this time, when the SOAPsever returns with the token,
I've mutual authenticatin, but the context is destroyed!
And now I've to send another command to the soap server (that is,
obviously, stateless), but I've no more session key (I cannot use
GSS_wrap, GSS_unwrap). But I've the ticket valid for the
duration of the tgt.
Second question: how can I reuse this token?
Thanks a lot,
Kerberos mailing list [email]Kerberos@mit.edu[/email]