Re: tcl and windows authentication...

Volker Hetzer wrote:
Michael Schlenker schrieb:
Volker Hetzer schrieb:
Eckhard Lehmann schrieb:
Volker Hetzer wrote:
How do I authenticate this? Our users have logged on to our intranet,
which uses domain (kerberos) authentication I've been told.
For TLS/SSL see the dqkit announcement today, it includes openssl self

For the other parts, i don't really know what i'm talking about, so
maybe its totally off track:
For user authentication you can perhaps use something like the SASL
stuff from tcllib in combination with your kerberos tokens. Take a
look at some of the code in the tcllib http module, maybe you can use
it as a start.
I think I got it solved. Windows has a special http api, called WinHTTP.
That in turn can be accessed using a COM component called WinHttpRequest.
This component has it all built in and I've just downloaded a very small
jscript from the mickeysoft site where I only had to insert one line of
code for it to authenticate itself against one of our intranet servers.
If the tcom package bears with me on this one someone ought to buy the
activestate guys a beer.

Btw, here is the jscript:
function getText(strURL)
var strResult;
// Create the WinHTTPRequest ActiveX Object.
var WinHttpReq = new ActiveXObject("WinHttp.WinHttpRequest.5.1");
// Create an HTTP request.
var temp = WinHttpReq.Open("GET", strURL, false);

//This is the important bit in case winhttp can't figure out the
//proxy settings (which it normally can't).

// Send the HTTP request.
// Retrieve the response text.
WScript.Echo( WinHttpReq.Status + " " + WinHttpReq.StatusText);
strResult = WinHttpReq.ResponseText;
catch (objError)
strResult = objError + "\n"
strResult += "WinHTTP returned error: " +
(objError.number & 0xFFFF).toString() + "\n\n";
strResult += objError.description;
// Return the response text.
return strResult;


I haven't got the time for the tcom setup right now but this ought to show
how it's supposed to go.

After reading the MSDN page for WinHTTP this seems like a variant to the
NTLM authentication that Pat Thoyts implemented in the SASL package in
tcllib, only for kerberos, so it should be doable in Tcl if you have a
small extension to get at the kerberos tokens.