Perhaps SECBUFFER_TOKEN
you wanted.
How to extract Kerberos token from the output buffer of windows SSPI API?
![](https://techprofile.blob.core.windows.net/images/tjM9HfYxiE6cDNGZoywteQ.png?8DA977)
We have implemented Kerberos using Windows SSPI. The authentication was successful.
We want to store the Kerberos token for the future use.
How could we extract the token from the SecBufferDesc returned by the InitializeSecurityContext?
Also, how to check the token is correct or not?
bool bHaveCtxtHandle = false;
CtxtHandle contextHandle = { 0 };
SecBufferDesc outSecBufDesc;
SecBuffer outSecBuf;
SecBufferDesc inSecBufDesc;
ULONG ContextAttributes = 0U;
PBYTE pOutBuf = new BYTE[pkgInfo->cbMaxToken];
outSecBufDesc.ulVersion = 0;
outSecBufDesc.cBuffers = 1;
outSecBufDesc.pBuffers = &outSecBuf;
outSecBuf.cbBuffer = pkgInfo->cbMaxToken;
outSecBuf.BufferType = SECBUFFER_TOKEN;
outSecBuf.pvBuffer = pOutBuf;
lSecStatus = InitializeSecurityContext(&stCredHandle,
bHaveCtxtHandle ? &contextHandle : NULL,
pcPrincipalName,
ISC_REQ_USE_SUPPLIED_CREDS,
0,
SECURITY_NATIVE_DREP,
bHaveCtxtHandle ? &inSecBufDesc : NULL,
0,
&contextHandle,
&outSecBufDesc,
&ContextAttributes,
&SecurityContextLifetime);
1 answer
Sort by: Most helpful
-
Xiaopo Yang - MSFT 12,231 Reputation points Microsoft Vendor
2021-09-02T06:35:27.66+00:00