问题
I've been trying to work out how to use GSSAPI to authenticate with an IIS server on an Active Directory domain by working through the code for tutorials from Oracle and I'm having trouble establishing a context.
The way the tutorial sends tokens is by first sending an integer, then sending the token. This works, of course, with the tutorial server, because it's expecting that. What I don't know, though, is whether this is the correct protocol for GSSAPI interaction in general?
RFC4121 section 4 and RFC2743 section 3.1 seem to suggest that there's a bit more than that (some sort of tag, then the length, but adjusted a bit, then an Oid [of the requested mechanism, I assume] and its length etc.).
Is this referring to the internal structure of the token? Or is it specific to some implementations? Or is that the protocol IIS (and, presumably, all other GSSAPI supporting servers/hosts) would follow?
Also, if it is what's meant to be followed, why would the tutorial not follow, or at least mention, that? Isn't GSS meant to be Generic? Is it normal for this to happen?
Thanks in advance :)
来源:https://stackoverflow.com/questions/41276742/protocol-for-sending-gss-tokens