/// <exception cref="NSch.JSchException"></exception>
public virtual void Create(string user, string host)
{
try
{
// RFC 1964
Oid krb5 = new Oid("1.2.840.113554.1.2.2");
// Kerberos Principal Name Form
Oid principalName = new Oid("1.2.840.113554.1.2.2.1");
GSSManager mgr = GSSManager.GetInstance();
GSSCredential crd = null;
string cname = host;
try
{
cname = Sharpen.Extensions.GetAddressByName(cname).ToString();
}
catch (UnknownHostException)
{
}
GSSName _host = mgr.CreateName("host/" + cname, principalName);
context = mgr.CreateContext(_host, krb5, crd, Sharpen.GSSContext.DEFAULT_LIFETIME
);
// RFC4462 3.4. GSS-API Session
//
// When calling GSS_Init_sec_context(), the client MUST set
// integ_req_flag to "true" to request that per-message integrity
// protection be supported for this context. In addition,
// deleg_req_flag MAY be set to "true" to request access delegation, if
// requested by the user.
//
// Since the user authentication process by its nature authenticates
// only the client, the setting of mutual_req_flag is not needed for
// this process. This flag SHOULD be set to "false".
// TODO: OpenSSH's sshd does accepts 'false' for mutual_req_flag
//context.requestMutualAuth(false);
context.RequestMutualAuth(true);
context.RequestConf(true);
context.RequestInteg(true);
// for MIC
context.RequestCredDeleg(true);
context.RequestAnonymity(false);
return;
}
catch (GSSException ex)
{
throw new JSchException(ex.ToString());
}
}
public GSSContext CreateContext (GSSName host, Oid oid, GSSCredential crd, int flags)
{
throw new NotImplementedException ();
}
public GSSName CreateName (string s, Oid oid)
{
throw new NotImplementedException ();
}