Back to product page


Called when user wants to authenticate to the server using Kerberos GSSAPI mechanism.




  • Basic
object.LoginGSSAPI Owner, User, Login, TokenData, Action
The LoginGSSAPI(object,Owner,User,Login,TokenData,Action) syntax has these parts:
objectAn expression evaluating to an object of type IwodSSHDNotify.
OwnerA wodSSHD object. Instance of wodSSHServer that called this notification method.
UserA SSHUser object. Reference to user who send his login information.
LoginA String value. Holds login info entered by the user.
TokenDataA String value. Holds exported security context data.
ActionA SSHActions enumeration, as described in settings. Return variable you should set to Allow or Deny, depending if you will allow or deny access for the user.


The settings for Action are:

Constant Value Description
Deny0 Deny execution of the action.
Allow 1 Allow to execute action.

This method is called only if you implemented IwodSSHNotify interface in your application, and wodSSHD.Notification property has received reference to instance of your implementation.

LoginGSSAPI notification method is called when the client connects and tries to authenticate with the server using external Kerberos server, and GSSAPI authentication mechanism. If Kerberos authentication is successful, wodSSHServer calls notification method for you to finally decide if you will let user connect or not. While doing so, you can even use TokenData argument which keeps base64 encoded security context data exported using ExportSecurityContext API. You can use this in your application by providing that data to ImportSecurityContext API.

Due to limitations, Kerberos GSSAPI authentication mechanism can be (successfully) used only when your application runs as windows service, under LocalSystem account. When run as regular user account (even with Administrative privileges) GSSAPI always fails as result of API calls.

By default, Action variable is set to Allow - since Kerberos server already allowed access.