spnego


spring-security-kerberos can't read keytab?

五迷三道 提交于 2020-01-14 20:42:11
问题 I'm trying to follow this tutorial for spring-security-kerberos I have a keytab with one principal in it: ktutil: rkt http-web.keytab ktutil: l slot KVNO Principal ---- ---- --------------------------------------------------------------------- 1 3 HTTP/aulfeldt.hta.nightly@WAD.ENG.HYTRUST.COM This keytab was generated on a the win 2k8 domain controller with this command: ktpass /out http-web.keytab /mapuser aulfeldt-hta-nightly@WAD.ENG.HYTRUST.COM /princ HTTP/aulfeldt.hta.nightly@WAD.ENG

spring-security-kerberos can't read keytab?

旧时模样 提交于 2020-01-14 20:41:12
问题 I'm trying to follow this tutorial for spring-security-kerberos I have a keytab with one principal in it: ktutil: rkt http-web.keytab ktutil: l slot KVNO Principal ---- ---- --------------------------------------------------------------------- 1 3 HTTP/aulfeldt.hta.nightly@WAD.ENG.HYTRUST.COM This keytab was generated on a the win 2k8 domain controller with this command: ktpass /out http-web.keytab /mapuser aulfeldt-hta-nightly@WAD.ENG.HYTRUST.COM /princ HTTP/aulfeldt.hta.nightly@WAD.ENG

Kerberos - SPN and keytabs

岁酱吖の 提交于 2020-01-14 04:23:32
问题 I have a project that have embedded jetty with SPNEGO enabled. I would like to be able to run this project locally for development purposes (WITH SPNEGO enabled!) My question is, is the SPN and keytab associated with a particular server at all or can I use the same set on multiple instances of my service? 回答1: Kerberos requires that both the client and server somehow figure the service principal to use without any prior contact. If you have control of both the client and server, you can use

Tomcat authentication using SPNEGO/Kerberos and delegation

大憨熊 提交于 2019-12-31 14:42:33
问题 Is there an apache module that implements Kerberos authentication for use by Tomcat and also supports Kerberos delegation? I've already looked at mod_spnego and it throws away the SSPI context it creates only keeping the principal name. Instead, I'm looking for a module that would allow for the delegation of the ticket sent to Tomcat - that is, taking the service ticket sent for authentication and using it server side to access another service on behalf of the user. EDIT: To clarify, I need

java security exception : checksum failed

杀马特。学长 韩版系。学妹 提交于 2019-12-25 02:29:32
问题 I am using http://webmoli.com/2009/08/29/single-sign-on-in-java-platform/ for SSO in java. I have KDC Windows server 2008, in that i have created spn by using setspn command for testsso user. And using testsso@MYDOMAIN.COM as principal in jaas.con. I have Tomcat server in Windows 7 machine(within AD). In this i have created one servlet as of jsp(from webmoli itself). I sending browser request for that servlet from 3rd machine Windows XP(within AD). But i get checksum failed error. Stacktrace

Kerberos delegation: GSSUtil.createSubject returns subject with principal name only

时间秒杀一切 提交于 2019-12-24 22:51:48
问题 I am doing kerberos delegation. I noticed that GSSUtil.createSubject(context.getSrcName(), clientCred) returns a Subject without having credentials in it. Prior to that i've done GSSCredential clientCred = context.getDelegCred(); which returns the credentials. Edit: When I hit my service from one machine in same domain, it works, while if accessed from other machine in same domain, it doesn't. Confused what additional settings are needed on AD ? Any help is highly appreciated. Following is my

Spring Boot + Ldap / AD + Kerberos SSO : KrbCryptoException - Checksum failed

孤街浪徒 提交于 2019-12-24 18:59:12
问题 I am trying to implement SSO with Spring Boot, Ldap and kerberos. Where I got multiple errors of Checksum fail for different encryption type. environment details:- Machine : Windows 10 JDK Version : Oracle 1.8.0_144 (64 bit) I appear to have hit a bit of a dead-end where I am not able to find any solution. Here is what error I get when run Added key: 17version: 5 Added key: 18version: 5 Added key: 23version: 5 Found unsupported keytype (3) for HTTP/host.test@EXAMPLE.COM Found unsupported

PHP - How to use Curl with Kerberos

南笙酒味 提交于 2019-12-24 17:33:36
问题 I'm trying to do some operation with curl, but the website where I have to work uses Kerberos authentication. Consequently I have to enable the SPNEGO function of curl which is disabled by default. This is the extract from my phpinfo: cURL support enabled cURL Information 7.19.7 Age 3 Features AsynchDNS No Debug No GSS-Negotiate Yes IDN Yes IPv6 Yes Largefile Yes NTLM Yes SPNEGO No SSL Yes SSPI No krb4 No libz Yes CharConv No Protocols tftp, ftp, telnet, dict, ldap, ldaps, http, file, https,

PHP - How to use Curl with Kerberos

假如想象 提交于 2019-12-24 17:33:10
问题 I'm trying to do some operation with curl, but the website where I have to work uses Kerberos authentication. Consequently I have to enable the SPNEGO function of curl which is disabled by default. This is the extract from my phpinfo: cURL support enabled cURL Information 7.19.7 Age 3 Features AsynchDNS No Debug No GSS-Negotiate Yes IDN Yes IPv6 Yes Largefile Yes NTLM Yes SPNEGO No SSL Yes SSPI No krb4 No libz Yes CharConv No Protocols tftp, ftp, telnet, dict, ldap, ldaps, http, file, https,

Choosing Kerberos (SPNEGO) Java library for web application single sign-on [closed]

天大地大妈咪最大 提交于 2019-12-23 09:59:38
问题 Closed. This question is off-topic. It is not currently accepting answers. Want to improve this question? Update the question so it's on-topic for Stack Overflow. Closed 4 years ago . I'm currently working on implementing enterprise authentication mechanisms in our Java web-application, including single sign-on. Windows networks are what we primary target at, and Kerberos sounds a reasonable choice. Sidenote: as far as I understand, the protocol used in web (HTTP) environment to SSO is SPNEGO

工具导航Map