Questions tagged [kerberos]

Ask Question

Kerberos is a single sign-on (SSO) network authentication protocol designed to allow nodes, communicating over a non-secure network, to prove their identity to one another in a secure manner.

3,339 questions
Newest
Active
Bountied
Unanswered
Filter by
Sorted by
Tagged with
115votes
49answers
409kviews

The target principal name is incorrect. Cannot generate SSPI context

I am struggling to get a SQL Server connection from machine A to machine B which is running the SQL Server. I have Googled extensively and all the things I have found have not worked. Nor do they ...
user avatar
TheEdge
  • 8,541
85votes
5answers
177kviews

How do I get JSON data from RESTful service using Python?

Is there any standard way of getting JSON data from RESTful service using Python? I need to use kerberos for authentication. some snippet would help.
user avatar
Bala
  • 4,117
69votes
3answers
57kviews

Security & Authentication: SSL vs SASL

My understanding is that SSL combines an encryption algorithm (like AES, DES, etc.) with a key exchange method (like Diffie-Hellman) to provide secure encryption and identification services between ...
user avatar
IAmYourFaja
  • 52.6k
55votes
7answers
52kviews

Difference between SSL and Kerberos authentication?

I am trying to understand what's the actual difference between SSL and Kerberos authentications, and why sometimes I have both SSL traffic and Kerberos. Or does Kerberos use SSL in any way? Anyone ...
user avatar
Layla
  • 4,075
47votes
3answers
25kviews

SFTP connection through Java asking for weird authentication

So I'm writing a little program that needs to connect to a remote server through SFTP, pull down a file, and then processes the file. I came across JSch through some answers here and it looked perfect ...
user avatar
cardician
  • 2,391
43votes
9answers
87kviews

Simple Kerberos client in Java?

Applications such a Google's Chrome and IE can transparently handle Kerberos authentication; however I can not find a "simple" Java solution to match this transparency. All of the solutions I have ...
user avatar
Andrew White
  • 51.3k
39votes
0answers
7kviews

How to use gssapi kerberos in c / c++ client server cross-platform programs? [closed]

I had to "sporadically" work with Heimdal / MIT Gssapi for kerberos authentication over past couple of years. I had to build an application that was to be used as a web-service running on a Linux box, ...
user avatar
mdk
  • 5,735
38votes
5answers
56kviews

Kerberos kinit enter password without prompt

I was looking at this: http://docs.oracle.com/javase/7/docs/technotes/tools/windows/kinit.html and noticed that it says I could use the "password flag". I am not sure how to do this though? Can I ...
user avatar
user754905
  • 1,739
38votes
3answers
73kviews

When using --negotiate with curl, is a keytab file required?

The documentation describing how to connect to a kerberos secured endpoint shows the following: curl -i --negotiate -u : "http://<HOST>:<PORT>/webhdfs/v1/<PATH>?op=..." The -u flag ...
user avatar
Chris Snow
  • 22.1k
36votes
2answers
34kviews

How can I fix the Kerberos double-hop issue?

I'm having some trouble calling a web service from within a web application and I was hoping someone here might be able to help. From what I can tell, this seems to have something to do with the ...
user avatar
Steve Platz
  • 2,195
36votes
2answers
2kviews

Secure this invaluable documentation on using C/C++ with GSSAPI and SASL

I have been working on using GSSAPI in c/c++ applications, for some time now. Obviously I had to google and research a lot. One of the most interesting documentation I discovered was on Sun's old web-...
user avatar
mdk
  • 5,735
33votes
2answers
74kviews

Lifetime of Kerberos tickets

I have started with configuring kerberos. Can anyone explain the ticket lifetime and renew lifetime we set in the krb5.conf file. ticket_lifetime = 2d renew_lifetime = 7d Is it like After 2 days ...
user avatar
saiyan
  • 501
33votes
1answer
47kviews

What is a keytab exactly?

I am trying to understand how Kerberos works and so came across this file called Keytab which, I believe, is used for authentication to the KDC server. Just like every user and service(say Hadoop) in ...
user avatar
ak0817
  • 798
32votes
3answers
123kviews

How to connect with Java into Active Directory

I am using Weblogic, Ejb3.0. Java 1.6 I need to access Active Directory via Java code. I read about several ways (Kerberos, LDAP) Anyone could advice me on comfortable way of doing so? where could I ...
user avatar
rayman
  • 19.5k
32votes
8answers
22kviews

IIS Returning Old User Names to my application

Here's my scenario. I created an application which uses Integrated Windows Authentication in order to work. In Application_AuthenticateRequest(), I use HttpContext.Current.User.Identity to get the ...
user avatar
Dave Markle
  • 91.6k
30votes
4answers
37kviews

"Defective token detected" error (NTLM not Kerberos) with Kerberos/Spring Security/IE/Active Directory

We are having trouble getting Spring Security/Kerberos/AD to work for our web app. Our diagnosis is that our AD server sending an NTLM token (we can tell as it starts with "TlRMTVNT.....") to IE and ...
user avatar
Andrew Harmel-Law
  • 7,469
30votes
1answer
27kviews

Getting IIS to impersonate the windows user to SQL server in an intranet environment

I am developing an intranet site using C# and ASP.NET MVC. I have SQL Server on one machine and IIS running on a separate machine. I would like a user to visit the intranet site and without prompting ...
user avatar
oceanexplorer
  • 1,199
27votes
1answer
14kviews

Should I call ugi.checkTGTAndReloginFromKeytab() before every action on hadoop?

In my server application I'm connecting to Kerberos secured Hadoop cluster from my java application. I'm using various components like the HDFS file system, Oozie, Hive etc. On the application startup ...
user avatar
Jan Zyka
  • 16.5k
27votes
4answers
36kviews

How to find if NTLM or Kerberos is used from WWW-Authenticate: Negotiate header

I am programming a client application in .Net that communicates with server via HTTP. I need to set different request buffering options in case of NTLM and Kerberos authorization. How to find out ...
user avatar
IT Hit WebDAV
  • 5,333
27votes
2answers
14kviews

mongodb kerberos peer dependency

Trying to install mongodb or mongoose globally results in a missing peer dependency for Kerberos Jamess-MacBook-Pro:ka2 jamessherry$ npm install -g mongodb /usr/local/lib └─┬ mongodb@2.0.48 └── ...
user avatar
user1775718
  • 1,339
24votes
5answers
21kviews

npm install mongoose fails (kerberos and bson errors)

So I'm attempting to launch my node app, but there's a few errors arising from my MongoDB installation. Here are the specs for my dev environment: node => 0.10.33 (installed from nodejs.org) npm => ...
user avatar
Caleb Faruki
  • 2,384
23votes
3answers
39kviews

pass kinit a custom krb5.conf file

I'm using kinit to log into a server that my sys admin didn't anticipate us using. It seems that the default location for the config file is /etc/krb5.conf, but I don't have root access so I can't ...
user avatar
Shep
  • 7,366
23votes
2answers
29kviews

Skipping Kerberos authentication prompts with JSch [duplicate]

I am using the Connect() method in the Ssh Java class below in order to connect to a server using SSH (JSch) and running a command in the server. The problem is that when running Connect() the server ...
user avatar
Haritz
  • 1,624
23votes
10answers
127kviews

Cannot get Kerberos service ticket: KrbException: Server not found in Kerberos database (7) [closed]

I'm developing using the GSSAPI, and I have code which works with a vanilla MIT Kerberos 5 server to do some client/server work. I'm now verifying it's functionality against Active Directory and I've ...
user avatar
ohshazbot
  • 846
22votes
2answers
17kviews

Windows authentication in linux docker container

i am trying to use windows authentication in linux docker container under kubernetes. I am following this settings: https://docs.microsoft.com/en-us/aspnet/core/security/authentication/windowsauth?...
user avatar
Scholtz
  • 1,722
21votes
4answers
9kviews

What TargetName to use when calling InitializeSecurityContext (Negotiate)?

The Question When calling InitializeSecurityContext, what value do i pass to the TargetName parameter? Revised Background I'm calling the function InitializeSecurityContext: ...
user avatar
Ian Boyd
  • 232k
20votes
8answers
40kviews

Get current Windows user name within Silverlight

Is it possible to get the currently logged in user's username with Silverlight? You can assume that user has Windows OS and the Silverlight application is hosted in Internet Explorer. Getting the ...
user avatar
huseyint
  • 14.7k
20votes
2answers
7kviews

Unattended install of krb5-user on Ubuntu 16.04

So, when running: sudo apt-get install krb5-user You are asked to enter the AD/LDAP domain. The problem is that I want this to be able to be run as a startup script for my machines. Is there any way ...
user avatar
user6907792
20votes
1answer
12kviews

How to implement Single Sign On using Spring and Active Directory

I have a Spring based Web App which I would like to implement a Single Sign On solution on. The basic flow would be: 1) User logs in into Windows Workstation/Desktop PC (authenticating against ...
user avatar
Lawrence Tierney
  • 826
19votes
4answers
6kviews

Is there a way in Java or a command-line util to obtain a Kerberos ticket for a service using the native SSPI API?

I want to implement Single Sign On with Kerberos in Java and have successfully managed to create a ticket for the Service using the ticket from the Windows logon. Unfortunately, I can only create that ...
user avatar
user269667
  • 431
18votes
3answers
5kviews

How to test if a kinit is needed?

I would like to add something to my .bashrc file to run a kinit if I need one. Is there a way to test if I need to do a kinit? Something like this: if [ kinitNeeded ]; do kinit; done ...
user avatar
anthonybell
  • 5,340
18votes
2answers
21kviews

"GSSException Defective token detected" - when trying to Authenticate to Tomcat running on Windows using Kerberos

I am struggling to authenticate to a Java web container (I've tried both Tomcat and Jetty) when running on Windows 2012. Every time I try the Negotiate auth scheme I get an error: org.ietf.jgss....
user avatar
Nicholas DiPiazza
  • 8,953
18votes
6answers
36kviews

Kerberos authentication in Node.js https.get or https.request

I'm trying to write a simple script that requests some data from a tool on an internal network. Here is the code: #!/usr/bin/node var https = require('https'); var fs = require('fs'); var options = ...
user avatar
mart1n
  • 5,490
18votes
1answer
41kviews

Java and Kerberos authentication krb5.conf versus System.setProperty

Please help me on a kerberos+Java problem. I have a simple Java program to authenticate to a Windows Active Directory using Kerberos. The following java code works fine without any problems and prints ...
user avatar
Keshav
  • 4,308
17votes
2answers
11kviews

npm install mongoose causes gyp and kerberos errors (gssapi/gssapi.h file not found)

Ubuntu 14.04 nodejs version is v4.1.1 installed with these commands: curl -sL https://deb.nodesource.com/setup_4.x | sudo -E bash - sudo apt-get install -y nodejs mongodb installed via mongodb docs ...
user avatar
CaffeinateOften
  • 541
17votes
2answers
29kviews

Enable detailed logging for kerberos in java

I have a java-based web application that takes the contents of a web form containing a username and password and authenticates using kerberos to a Windows-based domain. The KDC address is apparently ...
user avatar
Mark Wardle
  • 191
17votes
1answer
29kviews

Kerberos authentication with python

I need to write a script in python to check a webpage, which is protected by kerberos. Is there any possibility to do this from within python and how? The script is going to be deployed on a linux ...
user avatar
dertoni
  • 1,763
17votes
2answers
11kviews

How to validate a Kerberos ticket against a server in Java?

we are using JAAS to enable Single Sign On in a Java application using the Windows Kerberos ticket cache. Our jaas.conf config file looks like this: LoginJaas { com.sun.security.auth.module....
user avatar
user269667
  • 431
17votes
2answers
1kviews

How to transform NTLM credentials to Kerberos token in Node.js

I want to build a server using Node.js, which acts as some kind of proxy. The clients that connect to my server use NTLMv2 for authentication (there is no chance to change this), but the upstream ...
user avatar
Golo Roden
  • 125k
16votes
9answers
38kviews

Kerberos - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC

I'm trying to setup SSO for Java WebApp using Kerberos/SpNego. I'm using: Java 1.7u67 org.springframework.security.kerberos 1.0.0.RELEASE Active Directory Tomcat 7 on Linux After overcoming the ...
user avatar
Gunnar Kiesel
  • 723
16votes
1answer
25kviews

HttpClient set credentials for Kerberos authentication

I am trying to authenticate with a kerberos/HTTP host. Using Apache HttpClient as my client - and a slightly modified version of this source. My Kerberos authentication goes perfectly fine, and I wish ...
user avatar
Alavalathi
  • 683
16votes
6answers
10kviews

Single Sign-On Server Authentication in Ruby/Rack

I write and host web applications on Windows servers for intranet usage. My server stack uses Sinatra (which uses Rack), Thin, and (in some cases) Apache for reverse-proxying only. I want to support ...
user avatar
Phrogz
  • 283k
16votes
2answers
15kviews

ASP.Net web application trying to use Impersonation and Delegation to connect to SQL Server

I'm trying to use Impersonation and Delegation in an intranet ASP.Net web-app in order to pass authenticated users' credentials onto a SQL Server. The web server and SQL server are two separate ...
user avatar
Graham Clark
  • 12.7k
14votes
6answers
17kviews

Script Kerberos Ktutil to make keytabs

I want to make a script that will generate the a keytab using ktutil. When running the script I want to use [user]$ script.sh PASSWORD #script.sh echo "addent -password -p PRINCIPAL -k 1 -e aes256-...
user avatar
OrigamiEye
  • 675
14votes
5answers
19kviews

Decrypt kerberos ticket using Spnego

I'm using spnego ( http://spnego.sourceforge.net ) for kerberos authentication under JBoss. I need to decrypt kerberos ticket to access the authorization-data which will containt PAC data. The PAC ...
user avatar
Danubian Sailor
  • 22k
14votes
2answers
35kviews

How to obtain a kerberos service ticket via GSS-API?

Does anyone know how to get a service ticket from the Key Distribution Center (KDC) using the Java GSS-API? I have a thick-client-application that first authenticates via JAAS using the ...
user avatar
Roland Schneider
  • 3,565
14votes
1answer
13kviews

How do I authenticate with Spnego/Kerberos and Apache's HttpClient?

How do I correctly setup a connection with HttpClient that uses the logged in user's ActiveDirectory credentials to authenticate against a website and requires Kerberos/Spnego authentication?
user avatar
chris
  • 2,052
14votes
3answers
5kviews

How to enable Kerberos authentication for remote EJB call on WebSphere?

My application is a stand-alone Swing client invoking EJB Stateless Session beans thanks to classical JNDI lookup and RMI-IIOP method calls. It is started as a Java WebStart application. My aim is to ...
Community wiki
15 revs, 2 users 99%
Yves Martin
14votes
1answer
14kviews

How to make HttpClient use Kerberos?

HttpClient is a Java library to browse websites. I want to use it with Kerberos. The Kerberos part of HttpClient's documentation mostly says: The best way to start is to grab the KerberosHttpClient....
user avatar
Nicolas Raoul
  • 57k
14votes
5answers
27kviews

Java SSO: Kerberos authentication against Active Directory

I'm still trying to find a Java based solution for SSO (running on *nix), which I can use on JBoss to authorize against an Active Directory/domain controller. I initially tried to do this via NTLM, ...
user avatar
MrG
  • 5,177

15 30 50 per page
1
2 3 4 5
67

Your privacy

By clicking “Accept all cookies”, you agree Stack Exchange can store cookies on your device and disclose information in accordance with our Cookie Policy.