kerberos

问题 I'm trying to wire our windows client application to use a single-sign-on mechanism. I'm following the explanations that can be found here. I'm already having trouble getting the first step to work, that is, acquiring the Signed On User's Ticket-Granting-Ticket. When running my unit test (code see below), I'm getting the following exception: javax.security.auth.login.LoginException: Unable to obtain Princpal Name for authentication at com.sun.security.auth.module.Krb5LoginModule.promptForName

问题 I would like to support both Kerberos and standard username+password authentication (via web form) in parallel. This is works fine, when the client is in the domain. The server returns the HTTP header "WWW-Authenticate: Negotiate" and sends an HTTP error 401 (unauthorized), as required by the Kerberos protocol, and the browser client then continues by sending the required information. But when the login page is accessed from outside the domain, the process stops on the client-side after

问题 I'm trying to setup kerberos authentication in a Java web-app running in a Tomcat on Linux. I'm using the spring security kerberos extension. I'm using: jdk 1.7u75 spring-security-kerberos 1.0.0.RELEASE MS Active Directory On my local development machine (windows) everything runs fine. But after deploying the app to a linux machine authentication is no longer working. I strongly suspect that something is wrong with my Kerberos configuration : [libdefaults] default_realm = INT.MYCOMPANY.DE

问题 I'm trying to implement SSO on an intranet application we are developing. I am using SPNEGO for this. Now I'm having some trouble configuring the SSO and hope someone here is able to help me. The setup is like this: Linux server with tomcat to serve the intranet application Windows Server 2008 as domain controller (Active Directory) Windows 7 client with IE9 and Firefox When I open the intranet application I see a GET request going from the client to the tomcat server. The first response of

问题 I have configured my application to use Kerberos authentication through SPNEGO with Websphere. Here are the details krb5.conf [libdefaults] default_realm = ABC.MYCOMPANY.COM default_keytab_name = FILE:C:\IBM\WebSphere\AppServer\kerberos\MyServer.keytab default_tkt_enctypes = rc4-hmac des-cbc-md5 default_tgs_enctypes = rc4-hmac des-cbc-md5 forwardable = true renewable = true noaddresses = true clockskew = 300 [realms] ABC.MYCOMPANY.COM = { kdc = TEST.abc.mycompany.com:88 default_domain =

问题 When our customers install our software, they often opt for a "split install", where the services run on one box and the database is on another box. The services might talk to other services, or the database might contain stored procedures that need to talk to another database. This leads us into the murky world of Kerberos and SetSPN. I was about to send the support guys an email breaking down the difference between the various authentication levels supported by Windows, but I realised that

问题 I am getting the following error when trying to trying to access the application from the same machine where jboss server is running org.springframework.security.authentication.BadCredentialsException: Kerberos validation not succesfull at org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator.validateTicket(SunJaasKerberosTicketValidator.java:69) at org.springframework.security.extensions.kerberos.KerberosServiceAuthenticationProvider.authenticate

问题 I'm unable to access WebHDFS from browser due to Kerberos security. Can anyone help me with this? Below is the error in browser for “http://****.****/webhdfs/v1/prod/snapshot_rpx/archive?op=LISTSTATUS&user.name=us” HTTP ERROR 401 Problem accessing /webhdfs/v1/prod/snapshot_rpx/archive. Reason: Authentication required .Net code for making a request to this URL HttpWebRequest http = (HttpWebRequest)WebRequest.Create(requestUri); http.Timeout = timeout; http.ContentType = contentType; string

问题 Can a computer that is NOT a part of the domain (but is on the network) authenticate against to a web site published by IIS8 where the authentication for that site is "Windows Authentication" only with a single provider of "Negotiate:Kerberos" (and with Kernel-mode authentication disabled)? I ask because I am trying to do just this, but I cannot get past the authentication to the site (yet alone trying to pass the authentication to the database). I see the "WWW-Authenticate: Negotiate" header

问题 I am implementing kerberos Authentication in my existing java spring application.My unix team has provided me SPN, krb5.conf and keytab file. I am trying hard with below code and configuration but getting unable to obtain password from user exception as in attached logs below. Can anybody correct me If I am doing something wrong or what could be going wrong? Let me know if you need more information on this. It would be good if someone can tell, how to verify if kerberos configuration is