sspi

问题 We are reconfiguring a SPNEGO / Kerberos SSO application to use AES128 / AES256 instead of the the weak encryption ciphers DES and RC4. Some days ago I posted a preparatory question: Now we have a concrete error. The token supplied to the function is invalid. The components: The Kerberos “back-end” is Windows Active Directory The Application Server uses pure Java GSSAPI and runs on Windows Server. The client runs on Windows 10, and is written in Java. It has 2 SPNEGO / SSO implementations:

问题 We are reconfiguring a SPNEGO / Kerberos SSO application to use AES128 / AES256 instead of the the weak encryption ciphers DES and RC4. Some days ago I posted a preparatory question: Now we have a concrete error. The token supplied to the function is invalid. The components: The Kerberos “back-end” is Windows Active Directory The Application Server uses pure Java GSSAPI and runs on Windows Server. The client runs on Windows 10, and is written in Java. It has 2 SPNEGO / SSO implementations:

问题 I am attempting to use the .Net System.Security.SslStream class to process the server side of a SSL/TLS stream with client authentication. To perform the handshake, I am using this code: SslStream sslStream = new SslStream(innerStream, false, RemoteCertificateValidation, LocalCertificateSelectionCallback); sslStream.AuthenticateAsServer(serverCertificate, true, SslProtocols.Default, false); Unfortunately, this results in the SslStream transmitting a CertificateRequest containing the

问题 Is calling ImpersonateSecurityContext on the server impersonating the client on the calling thread or for the entire process. The documentation is a bit vague on the matter as it states that "The function creates an impersonation token and allows the thread or process to run with the impersonation context" . I assume that impersonation is only for the calling thread, anything else would be strange, but I want to be sure. 回答1: Per MSDN: Client Impersonation Impersonation is the ability of a

问题 I've been running one Django app with Single Sign-On enabled by mod_auth_sspi using mod_wsgi. Apache/2.2.21 (Win32) mod_wsgi/3.3 Python/2.7.2 mod_auth_sspi/1.0.4 Problem is, that I can't add second Django app, which uses the same modules, because I want to use Single Sign-On too. If I add second app, Apache authenticates only the first requested app. The second one throws Error 500 - Internal server error. If I restart Apache and try to request second app at first, it works. But then when I

问题 I want to see a microsoft sample that demonstrate using of SSPI with Schannel. As I see here there is a such sample, but I cannot succeed to find it :( Can anyone please help me to find it? Thanks in advance! 回答1: There are WebServer and WebClient examples in Windows® Server 2003 SP1 Platform SDK ISO Install under Microsoft Platform SDK\Samples\Security\SSPI\SSL . 来源： https://stackoverflow.com/questions/11330471/looking-for-platform-sdk-sspischannel-sample-c

问题 My project invoves a user connecting from client to web service, and then web service to SQL Server. The web services and SQL Server are on separate machines. Because of security requirements, we cannot used mixed mode in SQL Server, only Windows authentication. We are experiencing the "double-hop" issue between web service and SQL Server. We are using NTLM authentication and do not want to configure Kerberos because of the overhead and learning curve. We also don't want to have the web

问题 In order to do client-side HTTP SPNEGO authentication with Java on Windows you need to set the Windows Registry key allowtgtsessionkey. This is well documented. What I do not understand is how people get around this? Most corporate sites would never accept to change this registry key in Windows for the sake of a single piece of software. Also think about the hassle if this needs to be changed on every workstation in the organization. But that's just theory because I've so far been unable to

问题 I have got wierd problem going on. I am trying to connect to Apple server via TCP/SSL. I am using a Client certificate provided by Apple for push notifications. I installed the certificate on my server (Win2k3) in both Local Trusted Root certificates and Local Personal Certificates folder. Now I have a class library that deals with that connection, when i call this class library from a console application running from the server it works absolutely fine, but when i call that class library

问题 I have got wierd problem going on. I am trying to connect to Apple server via TCP/SSL. I am using a Client certificate provided by Apple for push notifications. I installed the certificate on my server (Win2k3) in both Local Trusted Root certificates and Local Personal Certificates folder. Now I have a class library that deals with that connection, when i call this class library from a console application running from the server it works absolutely fine, but when i call that class library