Description
-
Fires when user wants to authenticate to the
server using Kerberos GSSAPI authentication mechanism.
Syntax
-
Private Sub
object_LoginGSSAPI(User,
Login, TokenData,
Action)
The LoginGSSAPI Event syntax has these parts:
| object |
A wodSSHD object. |
| User |
A SSHUser object. Reference
to object that holds information about the connected
user. |
| Login |
A String value. Holds
login info entered by the user. |
| TokenData |
A String
value. Holds exported security context data. |
| Action |
A SSHActions
enumeration, as described in settings. Return variable
you should set to Allow or Deny,
depending if you will allow or deny access for the
user. |
Settings
-
The settings for Action are:
 |
Deny |
0 |
Deny execution of the
action. |
|
Allow |
1 |
Allow to execute
action. |
Remarks
-
LoginGSSAPI event is fired when the client connects
and tries to authenticate with the server using external Kerberos
server, and GSSAPI authentication mechanism. If Kerberos
authentication is successful, wodSSHServer fires this event for you
to finally decide if you will let user connect or not. While doing
so, you can even use TokenData argument which keeps base64
encoded security context data exported using
ExportSecurityContext API. You can use this in your application
by providing that data to
ImportSecurityContext API.
Due to limitations, Kerberos GSSAPI authentication mechanism can
be (successfully) used only when your application runs as windows
service, under LocalSystem account. When run as regular user
account (even with Administrative privileges) GSSAPI always fails as
result of API calls.
By default, Action variable is
set to Allow - since Kerberos server already allowed
access.
|
LoginGSSAPI
Event
