How can I get a Kerberos ticket with Delphi?
-
20-08-2019 - |
Question
Are there examples which show how Delphi invokes the Active Directory Kerberos server to request a ticket granting ticket / normal ticket?
Background: the ticket is required for authentification to a web service which exchanges confidential information.
Edit: a short source code example would be very helpful. I have found the JEDI Windows Security Code Library which is very impressing. I am not sure if it contains support for Kerberos.
Solution
According to this you should be able to get one with the InitializeSecurityContext windows API call.
OTHER TIPS
First read Kerberizing Applications Using Security Support Provider Interface to get the general idea. InitializeSecurityContext
is described as following:
Initiates a security context by generating a security token that must be passed to the server. The application that uses this function is called an SSPI client.
On msdn, the list of SSPI functions can be found in Authentication Functions.
For actual example code, see Win32 samples's SSPI page. You probably find client.cpp to be useful. Another similar example is GssClient.c. Both code are running it in a loop because the conversation keeps going if SEC_I_CONTINUE_NEEDED
is returned.