gssapi

I'm trying to perform NTLM bind using JAVA GSSAPI. I'm receiving this error: javax.naming.AuthenticationException: GSSAPI [Root exception is javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Invalid option setting in ticket request. (101))]] I think (not sure) it worked in the past. To solve other problem, I tried "kinit". From that point is stopped working. I even deleted the cache file (couldn't find kclear in windows) and, still, I have this issue. How can I solve it? May it helps you from Troubleshooting : Cause:

I'm working with an LDAP in forest architecture (all servers and my server are windows). I'm binding to the AD using NTLM authentication. I have a JAVA code that perform the operations against the LDAP server. The code is wrapped as a tomcat servlet. When running the JAVA code directly (just executing the LDAP authentication code as an application), the bind works both against the local domain (local domain = I logged in to windows, and ran this process with a user of this domain) and foreign domains. When running the JAVA code as a servlet, the bind works and authenticates users from one

I've got a Java client app and a Java server app, and I'm trying to authenticate to the server via Kerberos. The client basically uses http-components and SPNEGO to make a HTTP GET call, but I always get 401 Unauthorized as a result. I can not spot the error in the Kerberos login sequence below, maybe you guys can: Debug is true storeKey false useTicketCache false useKeyTab false doNotPrompt f alse ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is fa lse principal is null tryFirstPass is false useFirstPass is false storePass is f alse clearPass is false Kerberos

Over the last few days I have built a proof-of-concept demo using the GSS-API and SPNEGO . The aim is to give users single-sign-on access to services offered by our custom application server via Http RESTful web-services. A user holding a valid Kerberos Ticket Granting Ticket (TGT) can call the SPNEGO enabled web-service, the Client and Server will negotiate, the user will be authenticated (both by Kerberos and on application level), and will (on successful authentication) have a Service Ticket for my Service Principal in his Ticket Cache. This works well using CURL with the --negotiate flag

I have created 2 demo Kerberos Clients using the GSS-API. One in Python3, the second in Java. Both clients seem to be broadly equivalent, and both "work" in that I get a service ticket that is accepted by my Java GSS-API Service Principal. However on testing I noticed that the Python client saves the service ticket in the kerberos credentials cache, whereas the Java client does not seem to save the ticket. I use "klist" to view the contents of the credential cache. My clients are running on a Lubuntu 17.04 Virtual Machine, using FreeIPA as the Kerberos environment. I am using OpenJDK 8 u131.

I am struggling to authenticate to a Java web container (I've tried both Tomcat and Jetty) when running on Windows 2012. Every time I try the Negotiate auth scheme I get an error: org.ietf.jgss.GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag) Steps to reproduce Start out by setting up a Windows Server 2012 or 2016 instance and install active directory domain services. In my example, I created: NETBIOS Domain: NICKIS Dns domain: nickis.life Create the kerberos subject user on Active Directory IMPORTANT: MAKE SURE THAT THE FIRST NAME, LAST NAME AND