291 questions
1
vote
1
answer
82
views
Kerberos authentication with SPNEGO in Swift
I am trying to build a MacOS application can manage calls to protected resources using kerberos authentication. In a browser, that's the seamless authentication which works easily (using the WWW-...
- 333
1
vote
1
answer
196
views
Unable to make S4u2self and s4u2proxy with keberos constrained delegation
purpose:
to ensure the correct operation of the proxy server. At the same time, I use the JWT token to authenticate incoming requests. It works correctly.
Next, I need to proxy the request by changing ...
- 29
1
vote
1
answer
279
views
How I can generate correct SPNEGO token from existing kerberos token using pyspnego?
I am trying to solve the problem of accessing a service (HTTP) using the kerberos constrained delegation mechanism. It seems that I am forming the kerberos ticket correctly, but at the same time ...
- 29
1
vote
2
answers
130
views
How to use a cached Kerberos TGS ticket with GSS API in Java?
I am trying to get a Kerberos TGS ticket from the cache (without contacting the KDC).
I create a TGT ticket using kinit and a TGS ticket, using kvno cifs/.
To ensure I have cached the tickets, I use ...
- 31
0
votes
1
answer
118
views
ldapsearch as computer account
I have a Debian 12 computer that is enrolled into the MS AD domain.
Users can login and perform LDAP searches using GSSAPI (this is an information security requirement), example:
$ ldapsearch -LLL -H ...
- 61
2
votes
1
answer
45
views
Is MIT Kerberos V5 in any way dependent on rpcbind on Linux?
I was wondering if MIT Kerberos is dependent on rpcbind in any way on Linux. If yes, when and why?
I haven't come across any resource online that addresses anything related to this. I do know that MIT ...
- 23
0
votes
1
answer
188
views
GSSContext, kerberos authentication, negotiate
i've simple java endpoint to validate user credentials on server A
(this is where my java application run)
so when user hit /kerberos-auth it should be able validate user identity
that connect to the ...
- 35
0
votes
1
answer
191
views
Why can't I access gitea with SSH using Kerberos
I have gitea running in a VM, and I use kerberos for SSH authentication within my network.
As things stand:
I have my normal user on my daily driver (foo)
The gitea server has two relevant users: foo,...
- 2,434
0
votes
1
answer
81
views
When Access restarts, GSSAPI authenticated ODBC connections to PostgreSQL are lost
I have an Access front end which I'm trying to connect to a postgresql database.
I use DSNless connections which I create with the following connect string:
Driver=PostgreSQL Unicode;DATABASE=dbname;...
- 140
0
votes
1
answer
415
views
How to organize http client requests authorization via spnego?
I am trying to authenticate on remote sever with kerberos, using http4s scala client.
After researching this tech, I realised that.
Firstly I need to make some empty request to server with no special ...
0
votes
1
answer
726
views
KRB5CCNAME is missing
The problem is I have no KRB5CCNAME in $_SERVER[] (php) for LDAP search.
I login to the server via kerberos gssapi, from Ubuntu to Windows Server 2012, using Samba.
On my site (PHP), I authorize with ...
- 1
-1
votes
1
answer
1k
views
OpenLDAP SASL/GSSAPI: Invalid credentials (49) SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context
Trying to configure my OpenLDAP to use SASL/GSSAPI (kerberos) authentication. My KDC server is up and running and I am able to create all of my principals and SPNs, and can kinit just fine.
But when ...
- 69
0
votes
0
answers
84
views
Jndi connect to LDAP by GssApi KrbException: Server not found in Kerberos database (7)
I use GSSAPI to connect to LDAP.
JNDI connect to LDAP by GssApi KrbException: Server not found in Kerberos database (7)
This is my code:
URL url= this.getClass().getClassLoader().getResource("...
- 1
0
votes
1
answer
2k
views
SASL GSSAPI: ldap_sasl_interactive_bind : Other error (80) no credentials supplied
ldapsearch or ldapwhoami results in
# ldapwhoami
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind: Other (e.g., implementation specific) error (80)
additional info: SASL(-1): ...
- 69
0
votes
1
answer
393
views
Kafka auth failed while implementing GSSAPI auth in Nodejs app
I’m currently looking to connect my nodejs app (using kafkajs package) with
a kerberised kafka cluster (GSSAPI enabled, openldap) but facing the
SASL_AUTHENTICATION_FAILED error when trying to ...
- 1,328
0
votes
1
answer
420
views
GSSAPI Negotiate authentication fails different domain DNS and Windows Active Directory
From my browser I want to open the site http://auth.another.com and do authentication with kerberos
AuthType: “Negotiate”. I don't want to enter user and password (AuthType: Basic).
If i use http://...
- 651
0
votes
0
answers
280
views
LDAP SASL (Kerberos) is successful but I can't perform ldap_search_s
Wireshark packet here I would like to ask you a question about implementing multiple authentication with Kerberos, using SSPI and LDAP API.
My environment is Windows Server 2019 and the client machine ...
1
vote
0
answers
272
views
Erlang SASL GSSAPI error: Cannot contact any KDC for realm
Sorry, if I'm not providing the right detail, I'm fairly new at this and it's the first time I'm trying to consume from kafka through kerberos authentication.
I'm using the brod_gssapi ([https://...
- 21
0
votes
1
answer
132
views
Datagrip | GSSAPI Initiate Failed when trying to connect to impala
I'm trying to connect to Impala using jdbc, and am receiving the following error:
Unable to connect to server: GSS Initiate Failed.
I did run Kinit before.
I'm running datagrip 2023.1.1, and it seems ...
0
votes
0
answers
85
views
Using Vert.x package io.vertx.ext.auth.kerberos.KerberosOptions is not permitted as it's no longer available
I wanted to update unused code that is now required in order for a Java Vert.x application to authenticate to Kerberos protected api endpoint. However the kerberos packages ( io.vertx.ext.auth....
- 57
2
votes
0
answers
704
views
Is it possible to get Kerberos logging using gssapi inside secure context?
I am using gssapi to create a Flask server that is protected by Kerberos authentication. I am wanting to debug some Kerberos errors I am seeing and hence I would like to turn on debug logging by means ...
- 12.2k
1
vote
0
answers
728
views
ImportError: GSSAPIProxy requires the Python gssapi library
Hello after updating to python 3.11.5 i am getting this particular import error on all of my scripts. Anyone knows what i need to install/update for this
ImportError: GSSAPIProxy requires the Python ...
- 393
0
votes
0
answers
129
views
Authenticate against a remote system in Eclipse using GSSAPI
When I'm trying to connect to a remote system in Eclipse using GSSAPI, Eclipse asks me for the active directory user's password.
I know that there are configurations in Eclipse "Preferences"...
2
votes
0
answers
931
views
How to connect to Postgres from Spring Boot using GSS API?
I'm try use GSS API for auth in PostgreSQL from Spring Boot;
I'm use virtual machine with Postgres (it's in my domain). I can connect to Postgres using my Windows account in Windows using psql tool. ...
- 51
0
votes
0
answers
305
views
Access to LDAP using a keytab in Java
I want to access an LDAP directory in Java using a keytab. However, my keytab appears as null.
Password access works with this code after the logincontext has been created (I get my tickets in ...
0
votes
0
answers
363
views
SunJGSS in FIPS mode
I need to use "SunJGSS" as one of the security providers in a FIPS environment. Is there a FIPS version of the "SunJGSS" Provider or if the underlying JCE/JCA is a FIPS provider ...
- 280
0
votes
0
answers
579
views
How do I use Kerberos tickets to execute commands via SSH on a remote server?
I would like to host a web service (Jupyterhub) which executes the following steps for a user:
Acquire Kerberos ticket from user
Use Kerberos ticket to spawn batch job on remote server
Therefore, I ...
- 716
1
vote
0
answers
290
views
How to run an SSH command on a remote machine using JSCH via GSSAPI/Kerberos in a Java web app with Waffle SSO auth/JAAS?
I am using a Java Spring Boot application with Waffle SSO library waffle-spring-security4 2.0.0 and have installed and configured MIT Kerberos. The ticket cache is working fine, and running "...
- 91
-1
votes
1
answer
201
views
Does anyone implemented JSch using Kerberos/GASAPI-based authentication
As we are in corporate environment and with basic configuration changes, SSH Kerberos working seamlessly in OpenSSH
SSH -K [email protected]
Since default Kerberos setup didn't work, we have ...
- 91
1
vote
1
answer
2k
views
How to set preferred Kerberos/GSSAPI library in ssh config file?
I can connect to a remote host using Kerberos in PuTTY on Windows 10, but I cannot do the same thing in VS Code.
In PuTTY, there is a setting (see below) that specifies the order of GSSAPI libraries:
...
- 79
1
vote
0
answers
217
views
Getting error connecting to Kafka Kerberos
getting this error :-
SASL authentication error: SASL handshake failed (step): SASL(-1): generic failure: GSSAPI Error: An invalid name was supplied (Success) (after 25ms in state AUTH_REQ)
kinit ...
2
votes
1
answer
471
views
Arcgis & Python: Azure YAML pipeline fails with "Command 'krb5-config --libs gssapi' returned non-zero exit status 127."
I am deploying my Python code to an Azure Function with Python runtime 3.9, using the following yaml pipeline:
trigger:
branches:
include:
- dev
- test
- uat
- prod
...
- 7,989
2
votes
2
answers
10k
views
GSSAPI Docker Installation Issue - /bin/sh: 1: krb5-config: not found
I successfully tried out GSSAPI to generate kerberos tickets in my Python app locally on my Mac. Now I am trying to package this as a Docker image.
When I try to build the image I keep getting this ...
- 1,139
0
votes
0
answers
158
views
How to verify user credentials against companys LDAP-Server via PHP (Server is accessible via LDAP Admin)?
I am trying to write an application in php, that verifies user-credentials against the companys ldap-server. The application runs on a virtual (Debian) Server located inside the company.
What I have ...
- 23
1
vote
0
answers
1k
views
golang:1.19-alpine does not pull latest librdkafka package
I have Kafka consumer Golang application. I'm trying to deploy it in PKS cluster. Here is the docker file that I have defined,
FROM golang:1.19-alpine as c-bindings
RUN apk update && apk ...
- 195
1
vote
1
answer
1k
views
Dockerfile configuration for GSSAPI with SASL_SSL support for alpine based Go image
I have a Confluence Kafka consumer written in Golang. I am trying to deploy it in a PKS cluster.
The Kafka config looks like this,
kafka.bootstrap.servers=server.myserver.com
kafka.security.protocol=...
- 195
2
votes
0
answers
1k
views
SSH GSSAPIAuthentication/Kerberos works in CMD but not working from Java program
We are in the corporate windows AD network, When we try to execute the below SSH command in CMD, it works fine,
ssh -o GSSAPIAuthentication=yes [email protected]
We have tried to run the ...
- 91
0
votes
1
answer
1k
views
Can't authenticate using SSH on Kerberos client from Kerberos server
I have a Kerberos server and a Kerberos client on one Realm. Both of these machines have OpenSSH Server and Client installed and configured in the same way to use Kerberos GSSAPI authentication.
I can ...
- 33
1
vote
0
answers
5k
views
RHEL8 and GSSAPI Kerberos authenticate through Apache issue
I'm trying to run an apache virtualhost, on a machine currently running Red Hat Enterprise Linux release 8.5 (Ootpa), with Kerberos authentication using the new GSSAPI module (replacement of ...
- 125
1
vote
1
answer
507
views
Build libssh with vcpkg enable gssapi
I'm trying to build libssh with vcpkg for windows x86 but i need to enable gssapi support.
With standard command vcpkg install libssh i'm getting an dynamic library but the log files shows that gssapi ...
- 151
3
votes
1
answer
2k
views
ldap Invalid Credentials While Authenticating User(NodeJs)
There are two Active Directory (LDAP Servers). Following are the users which belongs to their servers respectively.
Server user password
1- abc.pk ...
- 31
0
votes
1
answer
469
views
Adapting the forwarding to Flask application with routes and static files with the Apache 2
There is a Flask Application running on the http://servername.com:5000/. It encapsulates some Bootstrap and static files provided in gis_webapp/static/... which works the way it should.
This is the ...
- 288
1
vote
0
answers
272
views
getgrouplist behaviour in Single Sign-on using (GSSAPI) vs Username/Password login via PAM
I have a program(C, Redhat) which lets the user login using Single Sign-on via GSSAPI/(Kerberos) or username/password via PAM.
After the login the user groups are fetched from Active Directory using ...
- 193
1
vote
3
answers
1k
views
Confusion about Java App auth in AD based on Kerberos MSLSA ticket cache
The task is to get myapp to auth in AD using Kerberos ticket cache from MSLSA with no password prompting and without keytab. Right now I'm able to get TGT cache — which is FORWARDABLE and PROXIABLE — ...
- 111
1
vote
0
answers
483
views
Send via SMTP using GSSAPI authentication with Python or Perl
Our SMTP server supports the GSSAPI AUTH mechanism. I would like to write a script, preferably in Python 3 or Perl, that does an e-mail send to the SMTP server using GSSAPI. I can send using username ...
- 7,805
0
votes
1
answer
1k
views
Kerberros GSSAPI doesn't work within kafkacat alpine container
Previously I've reported it into kafkacat tracker but the issue has been closed as related to cyrus-sasl/krb5.
podman run --rm -it --name kafkacat-DEV \
-v$(pwd)/conf/integration:/conf -v$(pwd)...
- 5,389
1
vote
1
answer
5k
views
How to use GSS-SPNEGO for ldapsearch bind
I would like to use ldapsearch for an authentication test to a remote Windows server from a Linux instance (Amazon Linux OS). Kerberos bind is working via GSS-API installed from package cyrus-sasl-...
- 11
0
votes
0
answers
723
views
kerberos token using java GSS API which is equivalent to token created while singing in to Windows
Is it possible to generate a kerberos token using java GSS API which is equivalent to token created while singing in to Windows.
i.e. Is it possible to create a self sign kerberos token using GSS APIs....
2
votes
0
answers
459
views
Creating a LdapContext from valid ldap service ticket using GSSAPI
Please Note:- I just want to validate whether the following can be achieved using the JAAS/GSSAPI. I am not able to find any pointers.
Let me first clear the constraints on my application:
We can't ...
- 1,118
5
votes
1
answer
879
views
Understanding and exploring how JAAS-GSSAPI-JNDI work together behind the hood
I have been trying to understand how these different APIs glue together behind the scenes. Though this question might seem to be a broad one, I also want to understand a particular scenario. Any ...
- 1,118