I have a client-server application that needs to be secured by adding server-side authentication. The client user will already be authenticated to LDAP (Active Directory) and will be running a C# GUI. The client connects to a server on a Linux box which uses Centrify for LDAP authentication. As I understand things, the two need to negotiate an SSPI session. Things look fairly simple on the client side (since it's a Windows box), but I'm having trouble finding information on how to attack the Linux side. Any tips?

I would prefer a Ruby or C++ solution, but anything is better than nothing.

Thanks.

(Since the client user is already authenticated on the client machine, he should not have to enter a password in the C# GUI.)

Perhaps I need to use GSSAPI on the Linux side? ...

A: 

I am posting this as an answer because it is too big for a comment.

Your question is incomprehensible to me for 2 main reasons:

  1. you are asking HOW to do something without specifying WHAT you are trying to do
    (you did not even describe your context)
  2. you are using wrong statements, thus leading (or leaving) the reader into a never-ending multiple-choice guessing game. For example:
    • authenticating is not securing, it is just identification
    • securing makes (any possible) sense only in one place, not on both the client and the server separately
    • authentication to LDAP and to Active Directory sound to me like 2 distinct mechanisms, and you wrote them as one
    • SSPI is an API used by MS systems
    • etc

It is a network infrastructure design and deployment problem.
Either you have your network (decisions) deployed (then you would not have questions) or not.
Use one (aka centralized) security-administration system - either a Linux-based one or a Windows-based one. There is no sense in discussing many disjoint ones on many diverse platforms.

So, you have MS AD mounted, as I understood it?
Then join the Linux server computer to AD on the domain controller.

vgv8
What I want to do is something very similar to http://stackoverflow.com/questions/1337923/authenticating-users-using-active-directory-in-client-server-application but my server is Linux, not Windows.
Fantius