kerberos

Kerberos authentication on iPhone

末鹿安然 提交于 2019-12-11 02:57:40
问题 Are there any libraries for kerberos authentication for iPhone? Heimdal doesn't have a build for iOS. Are there any examples for using Kerberos to Authenticate to Active Directory server? 回答1: If Apple does not provide a GSS-API for/on iOS, you are out of luck. You should consult the iOS dev forums at Apple's website. A simple Google search shows that there is no support. 回答2: iOS 5 (maybe even earlier) does have a GSS.framework that supports Kerberos. I'm not entirely sure how to use it,

Why does the Server need access to Kerberos?

北城以北 提交于 2019-12-11 02:19:17
问题 I am trying to find out how to authenticate Active Directory users to a remote server. The goal is to use SPNEGO to receive a Kerberos ticket. The Kerberos ticket can then be decrypted and the identity of the user can be estabilished. What I do not understand, is why access between server and Kerberos is required. Since the Service Ticket contains the client identity and is encrypted by the TGS private key, the Server does not need access to the Kerberos TGS. It can just decrypt the Ticket

MIT Kerberos fails to locate TGT in MSLSA cache

。_饼干妹妹 提交于 2019-12-11 02:19:14
问题 I'm struggling with a Windows application which uses MIT Kerberos for authentication. If a user logs on to Windows with a domain user account, klist shows that he gets the expected tickets from the AD, including this one: #1> Client: jalf @ TESTREALM.COM Server: krbtgt/TESTREALM.COM @ TESTREALM.COM KerbTicket Encryption Type: RSADSI RC4-HMAC(NT) Ticket Flags 0x40e00000 -> forwardable renewable initial pre_authent Start Time: 1/12/2012 9:46:27 (local) End Time: 1/12/2012 19:46:27 (local) Renew

How to use WAFFLE for SSO using stand alone java client

南笙酒味 提交于 2019-12-11 02:05:58
问题 We are trying to use WAFFLE for SSO using a standalone java client with JAAS. We've mentioned waffle.jaas.WindowsLoginModule in our jaas.conf but it is prompting for user name, password which we believe is not an ideal solution for SSO. Can any one suggest how to avoid this? FYI - We aren't using any web/app server. 回答1: I believe you will need both a server and client for SSO. You can have a look at this example, it doesn't use the login module but the underlying WindowsSecurityContext

HBase with Kerberos - keep a HTable instance open more than 10 hours

巧了我就是萌 提交于 2019-12-11 00:58:52
问题 Here is the situation: we have a secured (Kerberos) HBase cluster. I have an object that creates an instance of HTable at startup and hang on to it. It calls: UserGroupInformation.setConfiguration(configuration); UserGroupInformation.loginUserFromKeytab(user, keytab); to login to the Kerberized cluster. This object then hangs around unused for many hours. After more than 10 hours (the timeout on a ticket from our Kerberos cluster), the next call to scan the table results in this: 16/12/01 18

Running any Hadoop command fails after enabling security.

末鹿安然 提交于 2019-12-10 21:29:48
问题 I was trying to enable Kerberos for my CDH 4.3 (via Cloudera Manager) test bed. So after changing authentication from Simple to Kerberos in the WebUI, I'm unable to do any hadoop operations as shown below. Is there anyway to specify the keytab explicitly? [root@host-dn15 ~]# su - hdfs -bash-4.1$ hdfs dfs -ls / 13/09/10 08:15:35 ERROR security.UserGroupInformation: PriviledgedActionException as:hdfs (auth:KERBEROS) cause:javax.security.sasl.SaslException: GSS initiate failed [Caused by

How to renew expiring Kerberos ticket in HBase?

前提是你 提交于 2019-12-10 21:16:08
问题 I have a small spring service, which provides basic functionality like put/delete/get from hbase table. Everything seems to work, but there is one problem. After 10 hours after starting my tomcat server, my kerberos ticket expires, so I should renew it. I tried to use java api for hbase and in my code in every method, which connects to hbase I added this line: UserGroupInformation.getLoginUser().checkTGTAndReloginFromKeytab(); I tried also with: UserGroupInformation.getLoginUser()

oozie java api submit job, kerberos Authentication error

吃可爱长大的小学妹 提交于 2019-12-10 21:06:30
问题 I hava hadoop-2.7 cluster, oozie-4.0.1 running in secure mode(with kerberos). All are well. I can use cli commands submit job as follow: Kinit myuser oozie job -oozie https://10.1.130.10:21003/oozie -config job.properties -run but I use oozie java api submit job, kerberos exception occur. Exception in thread "main" AUTHENTICATION : Could not authenticate, GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt) at org.apache.oozie.client.AuthOozieClient

Kerberos/Spnego authentication issue after password change

喜夏-厌秋 提交于 2019-12-10 20:26:23
问题 I setup Tomcat to use SPNEGO authentication, so the users can Single-Sign-On to our web applications without typing their password and everything worked fine. Yesterday i changed the password of the service account and i recreated the keytab file but after a Tomcat restart the SSO sopped to work. In the logs i found: exception [GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)] with root cause java.security.GeneralSecurityException: Checksum failed at sun

python kafka kerberos 验证 消费 生产

醉酒当歌 提交于 2019-12-10 20:16:13
【推荐】2019 Java 开发者跳槽指南.pdf(吐血整理) >>> [toc] 安装 pykafka github $ pip install pykafka $ conda install -c conda-forge pykafka 注意kafka版本只支持 kafka 1.1, 1.0,0.11, 0.10, 0.9,0.8 (201902) 该作者在https://github.com/dpkp/kafka-python/pull/1152 这个推送增加了kerberos支持 验证kerberos java或者文件中 对应python参数 描述 security.protocol security_protocol 安全协议 kerberos.domain.name sasl_kerberos_domain_name 域名 sasl.kerberos.service.name sasl_kerberos_service_name 服务名 sasl.enabled.mechanisms&sasl.mechanism.inter.broker.protocol sasl_mechanism 认证机制 principal sasl_plain_username 用户租户名称 kerberos知识 配置一般在consumer.properties中 拆解一个Principal:
订阅 kerberos