I did an C++ application which supposes to use Kerberos authentication to access HDFS. This application has webserver written on C++ as well.
I'm trying to make transparent authentication in this application with Kerberos ticket.
I made my server response to unauthorized user with:
HTTP/1.1 401 Unauthorized
WWW-Authenticate: Negotiate
The browser reacts with an Authorization field in the header which is looks like this:
Authorization: Negotiate YIIECgYGKwYBBQUCoIID/jCCA/qgCjAIBg...
At this point I got confused about further negotiation with browser to get a proper Kerberos ticket from it.
As I understand I have to use GSSAPI from kerberos5 library to process this Negotiation to acquire the ticket. But I have no idea how to achieve that.