
LoginGSSAPI event


Fires when a user wants to authenticate to the server using the Kerberos GSSAPI authentication mechanism.

Syntax

  • Basic
Private Sub object_LoginGSSAPI(User, Login, TokenData, Action)  
The LoginGSSAPI(object,User,Login,TokenData,Action) syntax has these parts:
object     A wodSSHD object.
User       An SSHUser object. Reference to the object that holds information about the connected user.
Login      A String value. Holds login info entered by the user.
TokenData  A String value. Holds exported security context data.
Action     An SSHActions enumeration, as described in settings. Return variable that you set to Allow or Deny, depending on whether you allow or deny access for the user.

Remarks

The settings for Action are:

Constant  Value  Description
Deny      0      Deny execution of the action.
Allow     1      Allow execution of the action.


The LoginGSSAPI event is fired when the client connects and tries to authenticate with the server using an external Kerberos server and the GSSAPI authentication mechanism. If Kerberos authentication is successful, wodSSHServer fires this event so that you can make the final decision on whether to let the user connect. While doing so, you can also use the TokenData argument, which holds base64-encoded security context data exported using the ExportSecurityContext API. You can use it in your application by passing that data to the ImportSecurityContext API.

Due to limitations, the Kerberos GSSAPI authentication mechanism can be used successfully only when your application runs as a Windows service under the LocalSystem account. When run under a regular user account (even one with administrative privileges), GSSAPI always fails as a result of API calls.

By default, the Action variable is set to Allow, since the Kerberos server has already allowed access.
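
Because Action arrives preset to Allow, a handler that leaves it untouched admits every principal the Kerberos server accepts. The VB6 handler below is an added example, not code from the wodSSHD documentation; the control name wodSSHD1, the realm EXAMPLE.COM, the account names, and the assumption that Login may carry an "@REALM" suffix are hypothetical.

```vb
' Added example (VB6): authorization inside LoginGSSAPI.
' Assumptions, not from the wodSSHD documentation: the control is named
' wodSSHD1, Login may look like "name" or "name@REALM", and the realm and
' account names below are constructed sample values.
Option Explicit

Private Const EXPECTED_REALM As String = "EXAMPLE.COM"

' Returns the bare account name, or "" when the realm is not the expected one.
Private Function AccountFromLogin(ByVal Login As String) As String
    Dim p As Long
    Login = Trim$(Login)
    p = InStrRev(Login, "@")
    If p > 0 Then
        ' Reject principals from any other realm instead of stripping it.
        If StrComp(Mid$(Login, p + 1), EXPECTED_REALM, vbBinaryCompare) <> 0 Then
            Exit Function
        End If
        Login = Left$(Login, p - 1)
    End If
    AccountFromLogin = LCase$(Login)
End Function

' Hypothetical allowlist of accounts permitted to open SSH sessions.
Private Function IsAuthorized(ByVal Account As String) As Boolean
    Select Case Account
        Case "alice", "backupsvc"
            IsAuthorized = True
    End Select
End Function

' Take the exact parameter list from the stub the IDE generates; the types
' here follow the parts table (SSHUser, String, String, SSHActions).
Private Sub wodSSHD1_LoginGSSAPI(User As SSHUser, Login As String, _
                                 TokenData As String, Action As SSHActions)
    Dim Account As String
    Action = Deny                     ' override the default Allow first
    Account = AccountFromLogin(Login)
    If Len(Account) > 0 And IsAuthorized(Account) Then Action = Allow
End Sub
```

Setting Deny before any check means an early exit or an unexpected Login value leaves the session refused.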

Platforms

Windows