Title of invention: METHOD AND APPARATUS FOR TRANSMITTING ADDITIONAL AUTHORIZATION DATA VIA GSSAPI
Abstract: A system and method for using a GSSAPI security token to transport additional non-GSSAPI data that includes authorization data used by third-party software. The system includes a hook that intercepts a client process's interactions with the GSSAPI. When a client process requests a security context from the GSSAPI, the hook intercepts the security token the GSSAPI provides for the client process. The hook checks to see if there is additional authorization data to transport, adds the additional data to the security token, then gives the token to the client process. The client process sends the security token to the server process, which submits the token to the GSSAPI for evaluation. A hook on this computer intercepts the security token, removes additional data added earlier, gives the added authorization data to a version of the third-party authorization software, then passes the now-unaltered security token to the server process which uses the security token to finish establishing a security context with the client process.
Publication number: US2015106906(A1) Publication date: 2015.04.16
Application number: US201314052600 Filing date: 2013.10.11
Applicant: CENTRIFY CORPORATION Inventor: Kwok Hon Wai
Classification: H04L29/06 Main classification: H04L29/06
Agency: Agent:
Main claim: 1. A system for enabling an authorization process to provide extended authorization for a security context for a client-server connection for a first computer comprising: a generic security service application program interface (GSSAPI) and a client process running on said first computer, said GSSAPI configured to create a security token for said client process to send to a second computer; a module configured to intercept the security token created by said GSSAPI, accept non-operating-system authorization data from said authorization process to be added to said security token and return said security token with said added data to said client process; said client process configured to request a security context using said security token with said added data from a server process running on a second computer.
Address: Sunnyvale CA US