kerberos

Kerberos authentication between Java on Linux and Exchange Web Services (EWS)

夙愿已清 提交于 2019-12-08 05:18:46
问题 Is it possible to have a Java process running on linux access EWS using kerberos only without the need of a pre-defined username/password combination? My current system architecture consists of a Java process that accesses EWS using a stored username/password combination. Requirement is to ensure that the credentials under which the Java process runs are authenticated on Exchange using Kerberos. Is it possible to have this setup? 回答1: You ticket a TGT in the ticket cache or a keytab for that

how to use gss_import_name correctly?

╄→尐↘猪︶ㄣ 提交于 2019-12-08 04:53:18
问题 I am using gss_import_name on the client side using GSS_C_NT_HOSTBASED_SERVICE to get a principal like service/server-host@realm. I am calling like this, gss_import_name(status, "SERVICE", GSS_C_HOSTBASED_SERVICE, output_name); But i get the principal like, service/local-machine@realm. From the man page I have learned it internally uses krb5_sname_to_principal to get the hostname, if NULL it takes the localhost name. Now my question is how do pass the correct host name (server-host) to gss

How can I detect if the screen is locked or screensaver is active from the Terminal in OS X 10.6?

两盒软妹~` 提交于 2019-12-08 03:18:49
问题 Due to the new limitations of Kerberos in OS X 10.6, I'm working on a script that offers similar functionality to what used to be available in 10.5. Essentially it parses the klist output to see if your ticket is expiring and displays how long until it expires. If we hit the 10 minute mark, it calls kinit to do a GUI password prompt to ask for your kerberos password. If the ticket is expired it does the same thing. The script makes sure that kinit is not running before calling it again so we

Kerboros cached ticket deleted after using Windows lock screen

早过忘川 提交于 2019-12-07 21:01:55
问题 Is there anyway to stop the Kerboros cached ticket from being deleted after Windows enter the lock screen. Upon first login to Windows, klist.exe shows 2 cached tickets. However, after there is a Windows lockscreen event, klist.exe shows that 0 cached tickets. Thanks in advance. 回答1: This is by design. There is no way to prevent the Kerberos service ticket(s) from being purged after a screen lock. As soon as you access a new Kerberos-protected resource again, a new authentication procedure

Kerberos Double Hop

北城以北 提交于 2019-12-07 20:11:16
We have the infamous Kerberos double hop issue. This is a brand new domain, being migrated from another provider where impersonation and delegation was previously working. We have upgraded OS's and to the latest SQL server (2017). WPF app (using domain creds) -> Web Service (WCF app on IIS 10) -> SQL 2017 (named instance) The web service is running under a domain account. The web service has an spn registered, Anonymous Auth is disabled as is forms auth, ASP.NET Impersonation and Windows Auth is enabled. Providers are "Negotiate and NTLM," "Kernal Mode" is disabled, "Use App Pool credentials"

Trouble connecting via paramiko + kerberos

元气小坏坏 提交于 2019-12-07 18:50:16
问题 Currently when I want to connect to a node I simply do: ssh username@node and everything works fine. (thanks Kerberos :-)) Now I'm trying to develop a simple python script that connect to a specified host but I cannot connect to it using that script. The following my script: import paramiko import gssapi ssh = paramiko.SSHClient() ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) ssh.connect(hostname = 'node_name', username = 'my_uname', gss_auth = True, gss_kex = True) But I received

Kerberos java to hive keytab authentication, login failure UserGroupInformation.loginUserFromKeytab

∥☆過路亽.° 提交于 2019-12-07 18:14:39
问题 I am trying to get kerberos keytab authentication work from java to Hive and not finding solution to fix the issue. org.apache.hadoop.conf.Configuration conf = new org.apache.hadoop.conf.Configuration(); conf.set("hadoop.security.authentication", "kerberos"); conf.set(HiveClientFactory.HIVE_METASTORE_URIS,"thrift://{URL}"); UserGroupInformation.setConfiguration(conf); UserGroupInformation.loginUserFromKeytab(krbPrincipal, keyTabPath); java.io.IOException: Login failure for {krbPrincipal} from

Ansible to Windows using Kerberos not working

天大地大妈咪最大 提交于 2019-12-07 17:56:48
问题 I am attempting to use Ansible 1.9.0.1 to configure Windows servers using a domain user name. I have successfully setup the Linux Ansible control box and have been able to use basic auth to run ansible/ansible-playbook plays. However running with a domain user fails. Kerberos is enabled on the Windows nodes: winrm get winrm/config/client/auth Auth Basic = true Digest = true Kerberos = true Negotiate = true Certificate = true CredSSP = true The playbook I am trying to run just references the

How to configure kerberos on Tomcat/linux server?

不想你离开。 提交于 2019-12-07 14:52:29
I'm trying to setup kerberos authentication in a Java web-app running in a Tomcat on Linux. I'm using the spring security kerberos extension. I'm using: jdk 1.7u75 spring-security-kerberos 1.0.0.RELEASE MS Active Directory On my local development machine (windows) everything runs fine. But after deploying the app to a linux machine authentication is no longer working. I strongly suspect that something is wrong with my Kerberos configuration : [libdefaults] default_realm = INT.MYCOMPANY.DE ccache_type=4 kdc_tymesync=1 forwardable=true proxiable=true [realms] INT.MYCOMPANY.DE = { admin_server =

Spring Security Kerberos + AD, Checksum Fail

我的梦境 提交于 2019-12-07 14:20:53
问题 I'm trying to do a Spring Security Kerberos with Active Directory credentials as stated in http://docs.spring.io/spring-security-kerberos/docs/1.0.1.RELEASE/reference/htmlsingle/#samples-sec-server-win-auth. I'd like to say that I've got most of the things down (SPN, keytabs, etc.). Now I've got a checksum fail. Supposing I change my principal name, I get an AES encryption error. I'm using Spring Boot on RHEL 6 with Oracle Java 1.8 + JCE Sample from https://github.com/spring-projects/spring
订阅 kerberos