kerberos

问题 I'm running a NodeJS server on a Windows Server 2008. The server doesn't do much but I set the header for 401, WWW-Authenticate Negotiation which I know can go either with his default Kerberos authentication or if it's not available then with NTLM. I downloaded fiddler and discovered that when I try to reach the server it tries to authenticate with NTLM(prompt me for username and password) rather than Kerberos, even though the computer is in the same domain as the server and when I do run the

问题 I've got two separate homemade applications that need to communicate among themselves. One is a frontend application (asp.net actually), the other is a backend interface to an accounting application. The backend interface was not created specifically for this frontend - it is a generic interface that many other applications use to integrate with our product. For the convenience of users we wish to provide a Windows Authentication in our frontend application. That means however that we need to

问题 We have a 3rd party product that allows some of our users to manipulate data in a database (on what we'll call SvrSQL) via a website on a separate server (SvrWeb). On SvrWeb, we have a specific, non-default website setup for this application so instead of going to http://SvrWeb.company.com to get to the website we use http://application.company.com which resolves to SvrWeb and the host headers resolve to the correct website. There is also a specific application pool set up for this site which

问题 I am working on ASP.NET 4.0 MVC3 web application that works in intranet environment. The application makes use of Windows authentication. Its application pool is run by domain user that has spn set on a domain controller. Authentication works using Kerberos (on IE and Firefox after some additional configuration). Now I want to upload files to sharepoint, but it's important for me to upload the file as the user currently logged in into the application (so the file is created on Sharepoint with

问题 I'm working a web appliaction with SSO based on the Windows domain login, for this purpose I have chosen to validate Kerberos tickets. But now I'm facing a problem for which I can't find a solution. I manage to validate a ticket without exceptions, but when I'm trying to get the userName, NullPointerException is thrown, because the username is null and I don't know where is problem. Why is user name null if I don't get any exception during the validation? How I get userName: String clientName

问题 My issue here is how to deal with security and a proper implementation of impersonation which will work from a client machine and authenticate properly to my IIS server which passes the still valid impersonation ticket along with the LDAP request. My System is an independent server running on my company intranet which hosts the domain controller, LDAP server, etc, and uses Kerberos protocol. System Info: IIS7 with Windows Auth and Impersonate on Windows 7 x64 Network Info: IIS 6, LDAP,

问题 I'm trying to write a simple script that requests some data from a tool on an internal network. Here is the code: #!/usr/bin/node var https = require('https'); var fs = require('fs'); var options = { host: '<link>', port: 443, path: '<path>', auth: 'username:password', ca: [fs.readFileSync('../.cert/newca.crt')] }; https.get(options, function(res) { console.log("Got response: " + res.statusCode); res.on('data', function (d) { console.log('BODY: ' + d); }); }).on('error', function(e) { console

问题 I'm trying to write a simple script that requests some data from a tool on an internal network. Here is the code: #!/usr/bin/node var https = require('https'); var fs = require('fs'); var options = { host: '<link>', port: 443, path: '<path>', auth: 'username:password', ca: [fs.readFileSync('../.cert/newca.crt')] }; https.get(options, function(res) { console.log("Got response: " + res.statusCode); res.on('data', function (d) { console.log('BODY: ' + d); }); }).on('error', function(e) { console

问题 I was looking at this: http://docs.oracle.com/javase/7/docs/technotes/tools/windows/kinit.html and noticed that it says I could use the "password flag". I am not sure how to do this though? Can I enter the password for kinit without it prompting me? For example currently: If I type in: $ kinit test@REALM I get response: test@REALM's password: and I have to enter the password. Is there anyway I can input something like kinit test@REALM password so it doesn't prompt me? 回答1: Use a keytab for

问题 I am submitting a job to YARN (on spark 2.1.1 + kafka 0.10.2.1) which connects to a secured hbase cluster. This job, performs just fine when i am running in "local" mode (spark.master=local[*]). However, as soon as I submit the job with master as YARN (and deploy mode as client), I see the following error message - Caused by: javax.security.auth.login.LoginException: Unable to obtain password from user I am following hortonworks recommendations for providing information to yarn cluster