-
Notifications
You must be signed in to change notification settings - Fork 50
Home
zenchild edited this page Dec 16, 2010
·
4 revisions
This is a wrapper around the system GSSAPI library. It exposes the low-level GSSAPI methods like gss_init_sec_context and gss_wrap and also provides an easier to use wrapper on top of this for common usage scenarios.
Most people will probably be using GSSAPI with Kerberos in a fairly standard way. There is a class called GSSAPI::Simple that provides an easy interface for writing clients and servers for both authentication and message integrity/confidentiality.
Example Authentication using GSSAPI::Simple
require 'httpclient'
require 'base64'
require 'gssapi'
uri = URI.parse "https://example.org/ews/Services.wsdl" # MS Exchange Web Services
service = 'HTTP'
cli = HTTPClient.new
gsscli = GSSAPI::Simple.new(uri.host, service)
token = gsscli.init_context
ext_head = {"Authorization" => "Negotiate #{Base64.strict_encode64(token)}"}
resp = cli.get(uri, nil, ext_head)
itok = resp.header["WWW-Authenticate"].pop.split(/\s+/).last
gsscli.init_context(Base64.strict_decode64(itok))
require 'httpclient'
require 'base64'
require 'gssapi'
uri = URI.parse "https://example.org/ews/Services.wsdl" # MS Exchange Web Services
service = 'HTTP'
cli = HTTPClient.new
gsscli = GSSAPI::Simple.new(uri.host, service)
token = gsscli.init_context
ext_head = {"Authorization" => "Negotiate #{Base64.strict_encode64(token)}"}
resp = cli.get(uri, nil, ext_head)
itok = resp.header["WWW-Authenticate"].pop.split(/\s+/).last
gsscli.init_context(Base64.strict_decode64(itok))