问题
Are there any libraries for kerberos authentication for iPhone? Heimdal doesn't have a build for iOS.
Are there any examples for using Kerberos to Authenticate to Active Directory server?
回答1:
If Apple does not provide a GSS-API for/on iOS, you are out of luck. You should consult the iOS dev forums at Apple's website. A simple Google search shows that there is no support.
回答2:
iOS 5 (maybe even earlier) does have a GSS.framework that supports Kerberos.
I'm not entirely sure how to use it, though. Apple has sample code here: https://developer.apple.com/library/mac/samplecode/KerberosGSS/
回答3:
Well, Apple says there is somewhat support for GSS API in iOS. But Apple documentation is rather poor on this topic, surprisingly. There is remark in the What's New in iOS 5: General System Security Framework, referencing RFC 2743 (which is all about GSS API including Kerberos) and header files for more details. One line can be seen in iOS Technology Overview: Device Frameworks
When you look at /System/Library/Frameworks/GSS.framework/Versions/A/Headers you can find these headers there:
gssapi_krb5.hgssapi_netlogon.hgssapi_ntlm.hgssapi_spnego.hgssapi.h
Excerpt from gssapi_krb5.h:
...
/*
* kerberos mechanism specific functions
*/
struct krb5_ccache_data;
OM_uint32 GSSAPI_LIB_FUNCTION gss_krb5_copy_ccache
(OM_uint32 * /*minor*/,
gss_cred_id_t /*cred*/,
struct krb5_ccache_data * /*out*/);
OM_uint32 GSSAPI_LIB_FUNCTION
gss_krb5_ccache_name(OM_uint32 * /*minor_status*/,
const char * /*name */,
const char ** /*out_name */);
OM_uint32 GSSAPI_LIB_FUNCTION gsskrb5_register_acceptor_identity
(const char * /*identity*/);
OM_uint32 GSSAPI_LIB_FUNCTION krb5_gss_register_acceptor_identity
(const char * /*identity*/);
OM_uint32 GSSAPI_LIB_FUNCTION
gsskrb5_extract_authz_data_from_sec_context
(OM_uint32 * /*minor_status*/,
gss_ctx_id_t /*context_handle*/,
int /*ad_type*/,
gss_buffer_t /*ad_data*/);
/*
* Function declarations
*/
OM_uint32 GSSAPI_LIB_FUNCTION
gss_krb5_export_lucid_sec_context(OM_uint32 *minor_status,
gss_ctx_id_t *context_handle,
OM_uint32 version,
void **kctx);
OM_uint32 GSSAPI_LIB_FUNCTION
gss_krb5_free_lucid_sec_context(OM_uint32 *minor_status,
void *kctx);
OM_uint32 GSSAPI_LIB_FUNCTION
gss_krb5_set_allowable_enctypes(OM_uint32 *minor_status,
gss_cred_id_t cred,
OM_uint32 num_enctypes,
int32_t *enctypes);
GSSAPI_CPP_END
...
So one would expect that there must be some support. As I'm SO rookie and have low reputation at the moment, I can provide only two links.
来源:https://stackoverflow.com/questions/8867680/kerberos-authentication-on-iphone