更新时间:2023-12-03 23:05:40
在我看来,您正在尝试重新实现kerberos.在我看来,您想让GSSAPI保护客户端和服务器之间的传输;因此您的客户端需要向服务器进行身份验证.
seems to me in a round about way, you are trying to re-implement kerberos. Seems to me that you want to GSSAPI secure the transport between client and server; so your client needs to authenticate to the server.
典型的方法是使用密钥表"kinit"给主妇,然后将该证书传递给服务器. Kerberos确保它相当难以伪造.
Typical way of doing this would be to 'kinit' to a prinicpal using a keytab, and then passing this credential to the server. Kerberos ensures that it's reasonably hard to fake.
这可能会比您上面描述的方法脆弱一些.
that's probably going to be a little less brittle than the method that you describe above.
-王牌