kerberos

问题 I need to route ActiveMQ messages to Kafka(Cloudera) using Camel using authentication protocol Kerberos. ActiveMQ v5.15.4 Camel:2.21.1 Kafka Clients: 1.1.0 Server Version: Apache/2.4.6(CentOS) Kafka Security documentation states that it only supports SASL_PLAINTEXT and SASL_SSL for Kerberos On the other hand when I try to use SASL_PLAINTEXT for security protocol in Camel I am getting an error during the ActiveMQ starting. As a result ActiveMQ will not start. I took the latest Camel code from:

问题 Iam trying to connect to hdfs locally via intelliJ installed on my laptop.The cluster I'am trying to connect to is Kerberized with an edge node. I generated a keytab for the edge node and configured that in the code below. Iam able to login to the edgenode now. But when I now try to access the hdfs data which is on the namenode it throws an error. Below is the Scala code that is trying to connect to hdfs: import org.apache.spark.sql.SparkSession import org.apache.hadoop.conf.Configuration

问题 I have an old application that we setup with delegation based kerberos. Everything with the application worked fine till we tried it out on one of our new Windows 10 machines. After awhile, we finally figured out that Credential guard is not playing nice with this old application. According to https://docs.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-guard-considerations Kerberos Considerations When you enable Windows Defender Credential Guard, you can

问题 I am creating a Windows Credential Provider to logon into a Windows domain using certificates as described on this article. This implies creating a custom KSP that will be called by LsaLogonUser when creating an authentication package. I manage to create the custom KSP and tested it successfully in a standalone app that calls LsaLogonUser directly. Basically creating the authentication package and pass it to LsaLogonUser, loaded the KSP, called a bunch of functions and authenticated the user

问题 I've been running the following commands on W12 Server :- setspn -A HTTP/ krbspn ktpass /princ HTTP/@ /crypto ALL /ptype krb5_nt_principal /mapuser krbspn c:\ticket\krbspn.keytab -kvno 0 /pass Pa$$w0rd and kinit krbspn gives the correct result, however kinit HTTP/ returns :- KrbException: Client not found in Kerberos database (6) at sun.security.krb5.KrbAsRep.(KrbAsRep.java:76) at sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:319) at sun.security.krb5.KrbAsReqBuilder.action

问题 Qn: If i've diff kerberos Realms, and the broker sits on Linux and producer sits on windows, how do enable the connectivity using Kerberos? I have valid keytab. and here is the krb5 Please see marked answer to this question in this link. Connect to Kafka on Unix from Windows with Kerberos below question is continuation for 3rd scenario explained by @Samson. answering some of Samson's suggestions, 1 default realm is added in krb5. 2.there is one way trust. the broker domain trusts my domain.

问题 Been integrating Kerberos authentication in my SSO project. Came across a peculiar scenario. I made a new user and attached an SPN to it. Followed steps on this question and got everything working. By everything I mean :- kinit username - and then entering password gave me the message that ticket was saved. kinit spn(int the format HTTP/FQDN) - and then entering password gave me the message that ticked was saved. After some time I decided to try this over once again, and so I used the command

问题 I have a Spring Boot + Spring Security + Waffle application which can authenticate very well if the pages are visited from Firefox. If I do the same from IE 11, the first authentication sequence performs correctly, but as soon as I try to click on a link, I get a 401 Unauthorized. Comparing to what I see in Fiddler for IE 11 and Firefox, there's a difference, but I don't really know whether and how that affects this. Firefox : gets the 401, sends the request with the negotiate header, gets a

问题 I have a Java EE web application from the web app I have to consume a SharePoint web-service which expects Kerberos/NTLM authentication how can I achieve. I am using CXF for consuming web-service and the web application it self uses Windows Integrated Authentication for authentication. 回答1: Take a look at the SPNEGO protocol, this is what Sharepoint ( technically IIS ) uses for Single Sign On authentication. I am not familar with CXF, but generally most of the WebServices platforms allow you

问题 We have a server side application that can talk to external services. It depends on our configuration whether we authenticate against those services with the credentials of the user who called us, with pre-configured credentials, or not at all. The external services may use HTTP Negotiate authentication. For our custom HTTP/WebDAV requests, we use Apache HttpClient, where we have the credentials handling under our own control. But for JAX-WS calls (or plain HTTP URLs called by 3rd party libs)