Re: tcl and windows authentication...



Volker Hetzer wrote:
Michael Schlenker schrieb:
Volker Hetzer schrieb:
Eckhard Lehmann schrieb:
Volker Hetzer wrote:
How do I authenticate this? Our users have logged on to our intranet,
which uses domain (kerberos) authentication I've been told.
For TLS/SSL see the dqkit announcement today, it includes openssl self
contained...

For the other parts, i don't really know what i'm talking about, so
maybe its totally off track:
For user authentication you can perhaps use something like the SASL
stuff from tcllib in combination with your kerberos tokens. Take a
look at some of the code in the tcllib http module, maybe you can use
it as a start.
I think I got it solved. Windows has a special http api, called WinHTTP.
That in turn can be accessed using a COM component called WinHttpRequest.
This component has it all built in and I've just downloaded a very small
jscript from the mickeysoft site where I only had to insert one line of
code for it to authenticate itself against one of our intranet servers.
If the tcom package bears with me on this one someone ought to buy the
activestate guys a beer.

Btw, here is the jscript:
function getText(strURL)
{
var strResult;
try
{
// Create the WinHTTPRequest ActiveX Object.
var WinHttpReq = new ActiveXObject("WinHttp.WinHttpRequest.5.1");
// Create an HTTP request.
var temp = WinHttpReq.Open("GET", strURL, false);

////////////////////////////////////////////////////////////////////////
//This is the important bit in case winhttp can't figure out the
//proxy settings (which it normally can't).
WinHttpReq.SetautoLogonPolicy(0);

////////////////////////////////////////////////////////////////////////
// Send the HTTP request.
WinHttpReq.Send();
// Retrieve the response text.
WScript.Echo( WinHttpReq.Status + " " + WinHttpReq.StatusText);
strResult = WinHttpReq.ResponseText;
WScript.Echo("Normal");
}
catch (objError)
{
WScript.Echo("Error");
strResult = objError + "\n"
strResult += "WinHTTP returned error: " +
(objError.number & 0xFFFF).toString() + "\n\n";
strResult += objError.description;
}
// Return the response text.
return strResult;
}

WScript.Echo(getText("http://myintranetwebsite.whatever/";));

I haven't got the time for the tcom setup right now but this ought to show
how it's supposed to go.

After reading the MSDN page for WinHTTP this seems like a variant to the
NTLM authentication that Pat Thoyts implemented in the SASL package in
tcllib, only for kerberos, so it should be doable in Tcl if you have a
small extension to get at the kerberos tokens.

Michael
.



Relevant Pages

  • Re: tcl and windows authentication...
    ... For user authentication you can perhaps use something like the SASL stuff from tcllib in combination with your kerberos tokens. ... Windows has a special http api, called WinHTTP. ... // Create an HTTP request. ... strResult = WinHttpReq.ResponseText; ...
    (comp.lang.tcl)
  • Re: Kerberos machine authentication - apparent authentication fail
    ... until a user logon event. ... the Netdiag utility will show the Kerberos error in this scenario ... On these machines I ... me a plausible starting point to solve my Kerberos authentication problem. ...
    (microsoft.public.windows.server.security)
  • Re: Kerberos machine authentication - apparent authentication fail
    ... I just wanted to let you know there is a known bug in netdiag that reports ... >> mean that kerberos authentication is not being used. ... Three machines are workstations and three are ...
    (microsoft.public.windows.server.security)
  • Re: Kerberos machine authentication - apparent authentication fail
    ... I installed the Resource Kit. ... > mean that kerberos authentication is not being used. ... Three machines are workstations and three are ...
    (microsoft.public.windows.server.security)
  • Re: Kerberos machine authentication - apparent authentication fail
    ... Kerberos result when I hardwired a laptop to a switch port. ... to authenticate with K on reboot AND authentication appears to take place ... > denied access until you can authenticate to a domain controller as a user. ... > You should have logging of account logon events enabled in Domain Controller ...
    (microsoft.public.windows.server.security)