Project

win32-sspi

0.0
No commit activity in last 3 years
No release in over 3 years
win32-sspigarysick/win32-sspiHomepageDocumentationSource CodeWiki
A SSPI library for Ruby on Windows using FFI under the hood. Supports NTLM and Negotiate protocols. See examples for usage.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Popularity
Downloads
2,111
Stars
1
Forks
3
Watchers
3
 Releases
Current version
0.0.1.rc1
Total releases
1
First release
2015-11-02
Latest release
2015-11-02
 Development
Primary Language
Ruby
Licenses
MIT
Average date of last 50 commits
2015-10-19
Reverse Dependencies
1

 Dependencies

Development

test-unit
~> 3.0

Runtime

ffi
~> 1.9
 Project Readme

This project is a fork of djbergers win32-sspi project which provided the beginnings of a an FFI implementation of SSPI on Windows. This project adds support for Kerberos through the SPNEGO/Negotiate protocol.

The examples directory has working examples to illustrate usage. The sspi_negotiate_*.rb files are client/server examples of using Kerberos through SPNEGO/Negotiate protocol. In order to be used successfully across multiple systems in your domain you must define a Service Principal Name (SPN) associated with the user account under which the server is running unless the server is running as a Windows Service under the LocalSystem account. To establish a SPN use the setspn command as follows from a elevated privilege command window:

  setspn -S HTTP/fqdn-of-your-host USERDOMAIN\USERNAME

The SPN you establish must be passed to the Client constructor with the spn option in order to succesfully connect and authenticate with the server.

The negotiate client/server implementations are also capable of supporting the NTLM protocol. To do so specify the auth_type option as 'NTLM' on the construction of the client. The user name and user domain will be taken from the environment and will use the current logged in users security context to authenticate with the server. Otherwise passing the options username, domain, password to the client constructor will establish a different security context for the given username to authenticate against.