help-gsasl

GSASL+Gnu GSS on Windows


From: Johan Larsson
Subject: GSASL+Gnu GSS on Windows
Date: Fri, 11 Jun 2010 13:30:05 +0200

I'm using GSASL in an application running on Fedora as well as on Windows XP, where in the latter case I build it with mingw. I'm in the process of adding support for using Kerberos tickets in the application.

My idea is that I use a Kerberos authentication application, such as the MIT Network Identity Manager on Windows, to retrieve ticket granting tickets. My application links with a GSSAPI library, and when I use SASL, my hope is that if I choose to use the "GSSAPI" mechanism the result would be that the GSSAPI implementation retrieves the correct ticket granting ticket from the local credentials cache (kept by the Kerberos authentication application), communicates with the ticket granting server and gets a service ticket that I can use in communication with the service I want to use.

On Linux, this works great and exactly as I was hoping. First I run the MIT "kinit" application, which gets me a ticket (confirmed by calling "klist"). In my application, I use GSASL as the SASL implementation, and when I run the application with a valid ticket in the ccache, GSASL hides all the magic of calling the GSSAPI, finding the correct TGT, communicating with the TGS and retrieving the service ticket. So from my application's point of view there is no real difference between using e.g. DIGEST-MD5 and GSSAPI.

In Windows I use the Gnu GSS version 0.1.5 implementation of GSSAPI, built with mingw. When I start my application, it links with the "libgss-1.dll" library and GSASL confirms that it supports the GSSAPI mechanism. However, running the exact same code as in Linux, calling GSASL with the required property values, I no longer get data to send to the service server, but instead I get an error, and no network communication (with the TGS/KDC) seems to have been attempted by the GSSAPI.

My question is if I can use GSASL+Gnu GSS, built on mingw, to find locally cached TGT and retrieve an associated service ticket on Windows XP, and if this requires any special Kerberos authentication client (such as or instead of MIT Network Identity Manager), any special configuration and/or any special way of building the GSASL and/or Gnu GSS libraries (right now I simply do "configure"+"make"+"make install").

If GSASL and/or Gnu GSS cannot be used to retrieve locally cached TGTs on Windows XP, what SASL and/or GSS implementations should they be replaced by, and where can these be found?

Is there a GSS dll available, compatible with the Gnu GSS dll interface, that I can use instead of the libgss-1.dll generated when I build the Gnu GSS library, to get the behavior I want?

Grateful for any help.

Thanks,
Johan Larsson

