kerberos

问题 I appear to have hit a bit of a dead-end with getting spring-security-kerberos-web to work with a Spring Boot application. I have a single @Configuration class in my project as below package com.co.dept.bsc.configuration; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.core.io.FileSystemResource; import org.springframework.security.authentication.AuthenticationManager; import org.springframework

问题 I'm in the "pre-design" phase (if there is such a thing!) for a Java EE app that will use a Swing box on the client end and implement components for both web and server tiers. I'm instantly presented with some technology choices and have been reading up on the differences between how Kerberos and SSL work. One area that I have not been able to find any answers to has been the subject of how to choose between Kerberos or SSL. In other words, how do you tell when it is appropriate to use either

问题 is anyone aware of any embeddable Kerberos servers (KDC / KAdmin), which are written in Java and may run just within the JVM process (something like Hadoop minicluster or embedded LDAP servers)? My goal it to let people run integ tests requiring Kerberos authentication without having to install local kerberos server/configure remote server and connection to it. 回答1: You can give Apache Directory Server (http://directory.apache.org/) a try. It supports LDAP and Kerberos. See this example: http

问题 a similar question was asked in question 494120, but IMHO was not really answered... I want to upload files to a sharepoint using perl/WebDAV (from a Win32 host). To achive this, I need to authenticate with KERBEROS on the server. After googling for hours and trying different approaches, I'm not able to open a connection. Current code is this: my $agent = HTTP::DAV::UserAgent->new(keep_alive=>1); $agent->agent('Agent'); $agent->timeout(1000); my $d = HTTP::DAV->new(-useragent => $agent); $d-

问题 I am a new enterprise iOS developer. We are developing an app that is managing our enterprise apps(somehow like a app store&MDM). I stacked by a issue : I want to implement Single Sign-On for our enterprise Apps (Not with the same Developer ID), which means if the app-store App is signed in, the other apps(involved in our enterprise app platform) do not need users to enter ID & PassWord again. I have searched for the same and I got some information which mentioned sharing keychain and iOS

问题 I am new on kerberos authentication and don't know anything about it. I have the server name, username and password ready for it. I need to authenticate users from stand alone windows application. Can somebody please help? I did not find much help on googling. Appreciate any thought. 回答1: In Kerberos you authenticate not with pair username/password, but by attaching Kerberos token, which you can grab from CredentialsCache. WebRequest WReq = WebRequest.Create (MyURI); WReq.Credentials =

问题 I am using Krb5LoginModule in one of the POC. I have provided useDefaultCache=true and renewTGT=true. The code throws an exception when the ticket is expired although I have mentioned renewTGT=true. I have set up allowtgtsessionkey value to 1 in windows registry (I am running XP SP2). The KDC (ActiveDirectory) settings are default. Ticket lifetime = 10 hours and renewal request threshold = 7 days. Source Code import java.util.HashMap; import java.util.Map; import javax.security.auth.Subject;

问题 I have a Spring based Web App which I would like to implement a Single Sign On solution on. The basic flow would be: 1) User logs in into Windows Workstation/Desktop PC (authenticating against organisation's Active Directory) 2) User opens browser and navigates to Spring Web App. 3) Spring Web App somehow confirms that the user is already authenticated against AD and seamlessly lets them in. i.e. no challenge for username and password. Infact, the Spring web app would NEVER show a login form.

问题 I want to make a script that will generate the a keytab using ktutil. When running the script I want to use [user]$ script.sh PASSWORD #script.sh echo "addent -password -p PRINCIPAL -k 1 -e aes256-cts-hmac-sha1-96" | ktutil Ktutil than needs a password, here I want to use the PASSWORD argument from above. How would I pass the password arguement? 回答1: With GNU bash: user="PRINCIPAL" pass="topsecret" printf "%b" "addent -password -p $user -k 1 -e aes256-cts-hmac-sha1-96\n$pass\nwrite_kt $user

问题 I'm using spnego ( http://spnego.sourceforge.net ) for kerberos authentication under JBoss. I need to decrypt kerberos ticket to access the authorization-data which will containt PAC data. The PAC data is needed to decide which roles are to be granted to user. How to access and decrypt kerberos ticket? I've searched net for examples, but without effort. 回答1: These guys have a full PAC decoding implementation: http://jaaslounge.sourceforge.net/ You can use the token parser like this: