kerberos

Java Kerberos authentication seems to work, still gets rejected

半城伤御伤魂 submitted on 2019-12-09 09:37:48
Question: I've got a Java client app and a Java server app, and I'm trying to authenticate to the server via Kerberos. The client basically uses http-components and SPNEGO to make an HTTP GET call, but I always get 401 Unauthorized as a result. I cannot spot the error in the Kerberos login sequence below, maybe you guys can: Debug is true storeKey false useTicketCache false useKeyTab false doNotPrompt false ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is false principal is

npm install mongoose fails (kerberos and bson errors)

牧云@^-^@ submitted on 2019-12-09 07:46:27
Question: So I'm attempting to launch my node app, but there are a few errors arising from my MongoDB installation. Here are the specs for my dev environment: node => 0.10.33 (installed from nodejs.org) npm => 1.4.28 (installed from nodejs.org) git => 2.1.3 (homebrewed) mongodb => 2.6.5 (homebrewed) If it makes a difference, I am also using the Mean Stack Skeleton as part of a tutorial. In a nutshell, when I try to run my node app using $ node app.js, I get the following feedback: USER$ npm install

Does Kerberos connection to the SQL server need password to be supplied in connection properties?

情到浓时终转凉″ submitted on 2019-12-09 03:26:21
Question: I am trying to connect to SQL Server by using a keytab and it throws the below error: com.microsoft.sqlserver.jdbc.SQLServerException: Cannot login with Kerberos principal DOMAIN\User, check your credentials. Kerberos Login failed: Integrated authentication failed. ClientConnectionId:6f436f49-b0bf-441e-bab3-e6af86ac8361 due to javax.security.auth.login.LoginException (Cannot get any of properties: [password, PASSWORD] from con properties not available to garner authentication information from the

MIT Kerberos tool makes JAAS able to access the Windows LSA? How to do it without the tool

房东的猫 submitted on 2019-12-08 20:01:36
Running a Java app using JAAS I got a surprising effect: The Java client-application wasn't able to access Windows LSA, until I installed the MIT Kerberos tool 'kfw-4.0.1-i386.msi'? The JAAS conf file settings: WEBSTART_CLIENT_CONTEXT { com.sun.security.auth.module.Krb5LoginModule required useTicketCache=true renewTGT=true doNotPrompt=false debug=true; } Running Java 1.8 on Windows 7 I got the logging using -Dsun.security.krb5.debug=true left without MIT tool installed, fails right with the MIT tool installed, succeeds I tried setting the registry key HKEY_LOCAL_MACHINE\System

Common Kerberos commands

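99封情书 submitted on 2019-12-08 16:38:28
Assumptions: 1. You already know what Kerberos is and what it is used for. 2. The operator is named zhangsan.
Common commands (command: description)
kdestroy: Delete the ticket.
kinit zhangsan: {password required} Obtain a ticket for zhangsan. The ticket lifetime uses the default value, which here is 12 hours.
kinit -l 1h zhangsan: Obtain a ticket for zhangsan with the expiry time set to 1 hour. The units for the expiry time are s (seconds), m (minutes), h (hours) and d (days). If the time exceeds the configured maximum, the maximum is used.
klist: View tickets. "Valid starting" is the time the ticket takes effect, "Expires" is the expiry time, and "renew until" is the time before which the ticket can be renewed without a password.
kinit -R: Renew the ticket; note that this does not change "renew until".
The client configuration file is /etc/krb5.conf.
A Kerberos credential (ticket) has two attributes, ticket_lifetime and renew_lifetime. ticket_lifetime indicates how long the credential is valid, generally 24 hours. Before the credential expires, some credentials can have their expiry time extended (i.e. Renewable); renew_lifetime indicates the maximum period for which the credential can be extended, generally one week. Once the credential has expired, subsequent access to services secured by authentication will fail.
Reference article: https://docs.oracle.com/cd/E56344_01/html/E54075/kinit-1.html (Chinese manual)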

Does Server decide what Authentication Method is to be followed?

那年仲夏 submitted on 2019-12-08 12:15:50
Question: For a web application, does the server decide what authentication method is to be followed, or is it the client? Are authentication methods like NTLM and Kerberos browser-specific? In an intranet web application, where do BASIC and Digest stand as compared to NTLM and Kerberos? Thank you :) Answer 1: As discussed in RFC 2617, it requires the cooperation of both parties. When credentials are required to access a resource, the server will send back a 401 response with one or more WWW-Authenticate

MIT Kerberos tool makes JAAS able to access the Windows LSA? How to do it without the tool

送分小仙女□ submitted on 2019-12-08 08:24:28
Question: Running a Java app using JAAS I got a surprising effect: The Java client-application wasn't able to access Windows LSA, until I installed the MIT Kerberos tool 'kfw-4.0.1-i386.msi'? The JAAS conf file settings: WEBSTART_CLIENT_CONTEXT { com.sun.security.auth.module.Krb5LoginModule required useTicketCache=true renewTGT=true doNotPrompt=false debug=true; } Running Java 1.8 on Windows 7 I got the logging using -Dsun.security.krb5.debug=true left without MIT tool installed, fails right with the

How to connect to a Kerberos-secured Apache Phoenix data source with WildFly?

丶灬走出姿态 submitted on 2019-12-08 07:21:56
Question: I have recently spent several weeks trying to get WildFly to successfully connect to a Kerberized Apache Phoenix data source. There is a surprisingly limited amount of documentation on how to do this, but now that I have cracked it, I'm sharing. Environment: WildFly 9+. An equivalent JBoss version should also work (but untested). WildFly 8 does not contain the required org.jboss.security.negotiation.KerberosLoginModule class (but you can hack it, see Kerberos sql server datasource in Wildfly

Weblogic + Kerberos + SSO

故事扮演 submitted on 2019-12-08 07:07:11
Question: I'm trying to configure Single Sign On with WebLogic and Kerberos. But I still get the login page; maybe you can tell me what is wrong from this log: Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt false ticketCache is null isInitiator true KeyTab is /oracle/product12/user_projects/domains/test/krb/test.keytab refreshKrb5Config is false principal is kinp@TEST.ORG tryFirstPass is false useFirstPass is false storePass is false clearPass is false KeyTab instance

Kerberos Double Hop

纵然是瞬间 submitted on 2019-12-08 06:52:58
Question: We have the infamous Kerberos double hop issue. This is a brand new domain, being migrated from another provider where impersonation and delegation were previously working. We have upgraded OSes and to the latest SQL Server (2017). WPF app (using domain creds) -> Web Service (WCF app on IIS 10) -> SQL 2017 (named instance) The web service is running under a domain account. The web service has an SPN registered, Anonymous Auth is disabled as is forms auth, ASP.NET Impersonation and Windows Auth