예제 #1
		/// <summary>
		/// Prepares a Kerberos 5 GSS-API security context for authenticating to
		/// <paramref name="host"/> and stores it in <c>context</c>.
		/// </summary>
		/// <remarks>
		/// The target service principal is built as <c>host/&lt;name&gt;</c>. The name
		/// comes from a lookup of <paramref name="host"/> and falls back to the value
		/// as given when the lookup reports an unknown host. Mutual authentication,
		/// confidentiality, integrity and credential delegation are all requested;
		/// anonymity is not.
		/// </remarks>
		/// <param name="user">Not read by this method.</param>
		/// <param name="host">Name of the server the context is created for.</param>
		/// <exception cref="NSch.JSchException">
		/// A <c>GSSException</c> was raised during setup; only its string form is
		/// carried into the new exception.
		/// </exception>
		public virtual void Create(string user, string host)
		{
			try
			{
				// Kerberos V5 GSS-API mechanism (RFC 1964).
				Oid kerberosMechanism = new Oid("1.2.840.113554.1.2.2");
				// Kerberos Principal Name Form.
				Oid principalNameForm = new Oid("1.2.840.113554.1.2.2.1");
				GSSManager manager = GSSManager.GetInstance();
				// No explicit credential is supplied; presumably the GSS layer then
				// uses the caller's default credential -- confirm against GSSManager.
				GSSCredential credential = null;

				// NOTE(review): the service principal is derived from a name-service
				// lookup. If that lookup can be influenced, the principal this client
				// authenticates to changes with it. Also confirm that ToString() on the
				// lookup result yields a host name and not an address literal.
				string targetName;
				try
				{
					targetName = Sharpen.Extensions.GetAddressByName(host).ToString();
				}
				catch (UnknownHostException)
				{
					// Best effort: keep the name exactly as the caller supplied it.
					targetName = host;
				}

				GSSName servicePrincipal = manager.CreateName("host/" + targetName, principalNameForm);
				context = manager.CreateContext(
					servicePrincipal,
					kerberosMechanism,
					credential,
					Sharpen.GSSContext.DEFAULT_LIFETIME);

				// RFC 4462, section 3.4 (GSS-API Session): the client MUST set
				// integ_req_flag, MAY set deleg_req_flag "if requested by the user",
				// and SHOULD leave mutual_req_flag "false", because user authentication
				// only authenticates the client.
				//
				// The code asks for mutual authentication anyway. The original TODO
				// records that OpenSSH's sshd does accept 'false' for this flag.
				context.RequestMutualAuth(true);
				context.RequestConf(true);
				// Per-message integrity, the flag the RFC text marks as mandatory
				// (the original remark here was "for MIC").
				context.RequestInteg(true);
				// NOTE(review): delegation is requested unconditionally, while the RFC
				// ties it to an explicit user request. A delegated credential lets the
				// server act as the user elsewhere, so an opt-in setting would follow
				// least privilege more closely.
				context.RequestCredDeleg(true);
				context.RequestAnonymity(false);
			}
			catch (GSSException gssFailure)
			{
				// NOTE(review): the GSSException is flattened to text and is not
				// attached as an inner exception, so its stack trace is unavailable.
				throw new JSchException(gssFailure.ToString());
			}
		}
예제 #2
		/// <summary>
		/// Placeholder for GSS-API security-context creation; it is not implemented
		/// and always throws.
		/// </summary>
		/// <param name="host">Target name the context would be established with.</param>
		/// <param name="oid">Mechanism identifier.</param>
		/// <param name="crd">Credential to use; not read here.</param>
		/// <param name="flags">
		/// Not read here. NOTE(review): the name says flags, but GSS-API context
		/// creation conventionally takes a lifetime in this position -- confirm.
		/// </param>
		/// <returns>Never returns normally.</returns>
		/// <exception cref="NotImplementedException">
		/// Always. Assuming this is <c>System.NotImplementedException</c>, a caller
		/// that catches only GSS-specific exceptions will not intercept it.
		/// </exception>
		public GSSContext CreateContext(GSSName host, Oid oid, GSSCredential crd, int flags)
			=> throw new NotImplementedException();
예제 #3
		/// <summary>
		/// Placeholder for GSS-API name creation; it is not implemented and always
		/// throws.
		/// </summary>
		/// <param name="s">Textual form of the name; not read here.</param>
		/// <param name="oid">Name-type identifier; not read here.</param>
		/// <returns>Never returns normally.</returns>
		/// <exception cref="NotImplementedException">
		/// Always. Assuming this is <c>System.NotImplementedException</c>, a caller
		/// that catches only GSS-specific exceptions will not intercept it.
		/// </exception>
		public GSSName CreateName(string s, Oid oid)
			=> throw new NotImplementedException();