sspi

Can't connect to the SSL server that use only ephemeral ciphersuites (The Local Security Authority cannot be contacted)

蓝咒 提交于 2019-12-18 05:17:10
问题 I'm trying to connect to the test server started with openssl (this limited ciphersuite combination is intended): openssl s_server -accept 443 -www -tls1_2 -cipher ECDHE:DHE:EDH -cert selfsignedcert.pem -key sskey.pem The code I use is similar to msdn's public static bool ValidateServerCertificate( object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { return true; } ... var client = new TcpClient(target, port); SslStream sslStream = new SslStream

support kerberos constrained delegation using SSPI for multiprocess

心不动则不痛 提交于 2019-12-17 23:19:08
问题 I need to support Kerberos constrained delegation for our C++ HTTP server product on Windows using SSPI. For a single process server, the follow workflow can be used and I have a working prototype. 1) Call AcquireCredentialsHandle 2) Call AcceptSecurityContext 3) Call ImpersonateSecurityContext 4) Do delegation 5) Call RevertSecurityContext However, the C++ HTTP server has a master process and a worker process. Both processes run on the same machine and use the same service account, and each

How to logon a user on a server and run a process given a Kerberos Ticket

廉价感情. 提交于 2019-12-13 21:18:04
问题 How does authentication and logon work on Windows with Kerberos? What I want to achieve is to logon a user on a server and run a process for that user. As a first step, I create a Kerberos ticket on the client and send it to the server. On the server, I do not know the API to logon the user given its ticket. Of course I can accept the security context using AcceptSecurityContext (SSPI), but that does not initiate a logon. I think that some SSH implementations for Windows do exactly that. But

The specified principle is not known in the authentication system

陌路散爱 提交于 2019-12-11 19:28:46
问题 I have a C# client based on SSPI and Java server based on GSSAPI. The flow communication flow is as below. Client creates TGT Client passes TGT to server Server uses the TGT and generates server token Server passes the server token to client Client uses that server token and generates the SGT My communication flow breaks from the 6th step. SSPI client failed to validate the server token with the error "Failed to invoke InitializeSecurityContext for a client. The specified principle is not

Common algorithm issue while trying to send an email using C#

僤鯓⒐⒋嵵緔 提交于 2019-12-11 10:38:41
问题 I'm trying to send an email via my C# application, but every time i try to send the email, an error occurs, saying " A call to sspi failed ", when i look at the inner exeption it says something like " The client and server cannot communicate, because they do not possess a common algorithm " My code is this: try { var fromAddress = new MailAddress("sender@domain.com", "Sender"); var toAddress = new MailAddress("receiver@domain.com", "Receiver"); const string fromPassword = "Pass123"; const

SASL bind over GSSAPI using kerberos credentials with ldap_sasl_bind_s function

回眸只為那壹抹淺笑 提交于 2019-12-10 10:07:04
问题 I am trying to implement SASL bind over GSSAPI using kerberos credentials with ldap_sasl_bind_s function. I follow to the steps described in ldap_sasl_bind_s(GSSAPI) - What should be provided in the credentials BERVAL structure chain I get expected return values for all calls described in the mentioned chain, until the last(third) call to ldap_sasl_bind_s, which fails with LDAP_INVALID_CREDENTIALS error. Also I see the following error occurs in the windows event viewer Error value: 80090308:

SSPI and SQL Server Windows Authentication

主宰稳场 提交于 2019-12-10 02:28:09
问题 I'm trying to connect to SQL Server with Windows Authentication. Microsoft C# and C sources can be found at NetCpp. In Delphi I have code like this: function TTDS7SSPI.MakeSPN: string; const szBracketedInstanceFormatString = '%s/[%s]:%s'; szBracketedEmptyInstanceFormatString = '%s/[%s]%s'; szClearInstanceFormatString = '%s/%s:%s'; szClearEmptyInstanceFormatString = '%s/%s%s'; szBracketedFormatString = '%s/[%s]:%d'; szClearFormatString = '%s/%s:%d'; var NeedBrackets: Boolean; FmtString: string

WCF: Why does passing in a remote endpoint fail?

本小妞迷上赌 提交于 2019-12-08 06:03:53
问题 The problem I am having connecting a wcf client application to a host running on a separate machine is documented in a question previously asked: WCF: Why does passing in a remote endpoint fail? However, the solution provided here says you need to use a SpnEndpointIdentity with an empty string. Since my code doesn't look anything like the case in the example I have referenced, I need to know what to do with the SpnEndpointIdentity object I have created. I have a ChannelFactory upon which I

Git for Windows, Domain Kerberos + ssh to Linux Server?

风格不统一 提交于 2019-12-05 08:07:04
问题 I've been bashing my head against the desk, attempting to provide an out of box, windows workstation git for developers. This already 100% works on Linux, you kinit, and then you ssh without being prompted. The Active Directory Domain Serves as the Kerberos Server, KDC etc.. My Linux Clients can get their kerberos tickets from it, and pass them to my linux servers, without any problem. In fact I've been so burned with kerberos AD, I know it incredibly well unfortunately. Normally on Linux

SSPI and SQL Server Windows Authentication

余生长醉 提交于 2019-12-05 02:33:16
I'm trying to connect to SQL Server with Windows Authentication. Microsoft C# and C sources can be found at NetCpp . In Delphi I have code like this: function TTDS7SSPI.MakeSPN: string; const szBracketedInstanceFormatString = '%s/[%s]:%s'; szBracketedEmptyInstanceFormatString = '%s/[%s]%s'; szClearInstanceFormatString = '%s/%s:%s'; szClearEmptyInstanceFormatString = '%s/%s%s'; szBracketedFormatString = '%s/[%s]:%d'; szClearFormatString = '%s/%s:%d'; var NeedBrackets: Boolean; FmtString: string; begin NeedBrackets := Pos(':', FHostName) > 0; if FInstanceName <> '' then begin // Make an instance
订阅 sspi