Hi! This is my first entry on that wiki so formatting probably won't be perfect. The problem I had to solve was to access an intranet webserver (with my own contents, a database inside) without asking the user for an extra password. So, this server (apache) was integrated into our normal windows authentication system that is, the microsoft kerberos authentication and I had to make use of that. As it turned out, I could use Tcl in its finest tradition as a glue language and utilize windows as it is for all the authentication stuff. Enter WinHTTP. This is a microsoft provided API for use with non-.NET applications and scripts. The script interface is a COM component called WinHttpRequest and can be accessed using tcom, which is contained in the ActiveTcl distribution. A small tcl script that accesses an authenticated website thus looks like this:
#We need tcom package require tcom #set the test URL set MyUrl "http://myintranetwbsite" #Start up the component set WinHttpComp [::tcom::ref createobject "WinHttp.WinHttpRequest.5.1"] #Create the request $WinHttpComp Open "GET" $MyUrl 0 #If WinHttp thinks this is not an intranet website, set security to low. $WinHttpComp SetAutoLogonPolicy 0 #Send the Request, doing all the authentication under the hood $WinHttpComp Send tk_messageBox -type ok -title "Status" -message "[$WinHttpComp Status]\n[$WinHttpComp StatusText]" tk_messageBox -type ok -title "Result" -message "[$WinHttpComp ResponseText]"
Assuming your company uses kerberos (which they ought to) then security "low" does not mean that
What happens is that your encrypted ticket is sent to the server. However, if the server isn't authenticated to your KDC (something your IT department is supposed to guarantee) it can't do anything with it, so it's a bit of a paranoidal precaution that microsoft recommends.
The WinHttp documentation is here: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/winhttp/http/winhttp_start_page.asp
The kerberos website is http://web.mit.edu/kerberos/
Stuff about microsofts kerberos implementation is here: http://www.microsoft.com/technet/prodtechnol/windows2000serv/maintain/security/kerberos.mspx