gssapi

How to install gssapi python module on windows?

為{幸葍}努か submitted on 2019-12-10 13:23:52
Question: I am currently trying to get the gssapi module for python to run on windows. My goal is to authenticate with an Active Directory using python module ldap3. gssapi is a requirement for this to work. However, installation fails because it cannot find krb5-config. On Linux it is easy to install. I installed Kerberos for Windows but it does not have krb5-config and I could not find it anywhere else (other than for Linux). Does anyone know where to find the required tools or how to continue (if

SASL bind over GSSAPI using kerberos credentials with ldap_sasl_bind_s function

回眸只為那壹抹淺笑 submitted on 2019-12-10 10:07:04
Question: I am trying to implement SASL bind over GSSAPI using kerberos credentials with ldap_sasl_bind_s function. I follow the steps described in ldap_sasl_bind_s(GSSAPI) - What should be provided in the credentials BERVAL structure chain I get expected return values for all calls described in the mentioned chain, until the last (third) call to ldap_sasl_bind_s, which fails with LDAP_INVALID_CREDENTIALS error. Also I see the following error occurs in the windows event viewer Error value: 80090308:

GSSException: Message stream modified (41)

倾然丶 夕夏残阳落幕 submitted on 2019-12-10 02:59:02
Question: I'm working with an LDAP in forest architecture (all servers and my server are windows). I'm binding to the AD using NTLM authentication. I have a JAVA code that performs the operations against the LDAP server. The code is wrapped as a tomcat servlet. When running the JAVA code directly (just executing the LDAP authentication code as an application), the bind works both against the local domain (local domain = I logged in to windows, and ran this process with a user of this domain) and foreign

Java Kerberos authentication seems to work, still gets rejected

半城伤御伤魂 submitted on 2019-12-09 09:37:48
Question: I've got a Java client app and a Java server app, and I'm trying to authenticate to the server via Kerberos. The client basically uses http-components and SPNEGO to make a HTTP GET call, but I always get 401 Unauthorized as a result. I can not spot the error in the Kerberos login sequence below, maybe you guys can: Debug is true storeKey false useTicketCache false useKeyTab false doNotPrompt false ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is false principal is

MIT Kerberos tool makes JAAS able to access the Windows LSA? How to do it without the tool

房东的猫 submitted on 2019-12-08 20:01:36
Running a Java app using JAAS I got a surprising effect: The Java client-application wasn't able to access Windows LSA, until I installed the MIT Kerberos tool 'kfw-4.0.1-i386.msi' ? The JAAS conf file settings: WEBSTART_CLIENT_CONTEXT { com.sun.security.auth.module.Krb5LoginModule required useTicketCache=true renewTGT=true doNotPrompt=false debug=true; } Running Java 1.8 on Windows 7 I got the logging using -Dsun.security.krb5.debug=true left without MIT tool installed, fails right with the MIT tool installed, succeeds I tried setting the registry key HKEY_LOCAL_MACHINE\System

MIT Kerberos tool makes JAAS able to access the Windows LSA? How to do it without the tool

送分小仙女□ submitted on 2019-12-08 08:24:28
Question: Running a Java app using JAAS I got a surprising effect: The Java client-application wasn't able to access Windows LSA, until I installed the MIT Kerberos tool 'kfw-4.0.1-i386.msi' ? The JAAS conf file settings: WEBSTART_CLIENT_CONTEXT { com.sun.security.auth.module.Krb5LoginModule required useTicketCache=true renewTGT=true doNotPrompt=false debug=true; } Running Java 1.8 on Windows 7 I got the logging using -Dsun.security.krb5.debug=true left without MIT tool installed, fails right with the

how to use gss_import_name correctly?

╄→尐↘猪︶ㄣ submitted on 2019-12-08 04:53:18
Question: I am using gss_import_name on the client side using GSS_C_NT_HOSTBASED_SERVICE to get a principal like service/server-host@realm. I am calling like this, gss_import_name(status, "SERVICE", GSS_C_HOSTBASED_SERVICE, output_name); But I get the principal like, service/local-machine@realm. From the man page I have learned it internally uses krb5_sname_to_principal to get the hostname, if NULL it takes the localhost name. Now my question is how do I pass the correct host name (server-host) to gss

Trouble connecting via paramiko + kerberos

元气小坏坏 submitted on 2019-12-07 18:50:16
Question: Currently when I want to connect to a node I simply do: ssh username@node and everything works fine. (thanks Kerberos :-)) Now I'm trying to develop a simple python script that connects to a specified host but I cannot connect to it using that script. The following is my script: import paramiko import gssapi ssh = paramiko.SSHClient() ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) ssh.connect(hostname = 'node_name', username = 'my_uname', gss_auth = True, gss_kex = True) But I received

javax.naming.AuthenticationException in GSSAPI

空扰寡人 submitted on 2019-12-07 08:09:33
Question: I'm trying to perform NTLM bind using JAVA GSSAPI. I'm receiving this error: javax.naming.AuthenticationException: GSSAPI [Root exception is javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Invalid option setting in ticket request. (101))]] I think (not sure) it worked in the past. To solve another problem, I tried "kinit". From that point it stopped working. I even deleted the cache file (couldn't find kclear in

Functional test for Kerberos Ticket Validation

*爱你&永不变心* submitted on 2019-12-07 04:46:48
Question: I have written some code to validate a client's kerberos ticket on my server. I have also written unit tests for my classes. The unit tests are written by mocking the calls to the GSS library classes. This does not give me enough confidence though since the actual GSS calls are mocked. From my research so far, I have gathered that in order for me to validate the client's token I'll need to decrypt it with the shared key I have with KDC, which I can get from the keytab file. So in order to