Stack Overflow
Stack Overflow

Questions tagged [gssapi]

GSS-API is an IETF standard that addresses the problem of many similar but incompatible security services in use today.

Generic Security Service Application Program Interface () provides vendor-neutral authentication services to callers in a generic fashion, supportable with a range of underlying mechanisms and technologies and hence allowing source-level portability of applications to different environments.

Commonly-used negotiation mechanisms include and during transactions between client and server.

GSSAPI is defined in RFC 2743.

274 questions
1
vote
1 answer

How to get user name before accepting security context using token send by client?

I am working with application which acts as a server and uses GSSAPI for kerberos authentication. Application working At start application do Acquire credentials when ever client sends negotiate : token accepts context using…
Gangadhar
  • 10,248
  • 3
  • 31
  • 50
1
vote
2 answers

GSSAPI - Windows Active Directory Interoperability - error accepting context: Wrong principal in request

We are writing softwares that run on both Windows and Linux, and plan to use Windows Active Directory for authentication. I am struggling with the issues described below, and would appreciate any help very much: Domain name: CORP.COMPANY.COM Test…
Kapil Vyas
  • 607
  • 2
  • 8
  • 22
1
vote
1 answer

Using SSPI, how should one send a Kerberos token to a GSSAPI enabled HTTP proxy server?

I have a simple client socket application that I want to access an website with. In order to access the Internet, my client must go through a HTTP proxy server (I'm using Microsoft Forefront Threat Management Gateway). The proxy server requires…
charunnera
  • 357
  • 4
  • 16
1
vote
0 answers

Impersonating a thread using GSSAPI's established security context, on Windows

I am working on enabling Kerberos authentication/delegation in my application. My setup: The client is any web browser. The server runs on Windows and hosts some of my services, with Apache/Tomcat as the front end. The server can delegate work to…
user2237963
  • 103
  • 7
1
vote
1 answer

gss_display_name() failed: A required input parameter could not be read: An invalid name was supplied (, Unknown error)

I'm trying to setup Kerberos authentication on Apache 2.2.15-30 (CentOs 6.5), and am facing an issue that I'm not able to debug or solve. I can see the TGS request in the KDC log and Firefox sends the correct Authorization: Negotiate header, but…
user3801448
  • 11
  • 3
1
vote
1 answer

Validating a kerberos service ticket using gss-api

I want to make a program to do traffic authorization using gss-api/kerberos. So far i can contact a SSOS and get a service ticket. If the user does not have a TGT i am doing something similar to kinit in my code. My code ends with the user having…
Rafael Saraiva
  • 908
  • 2
  • 11
  • 23
1
vote
2 answers

gss name is corrupted in java for irish fada chars

windows-xp sends the SPNEGO token in the authorization header to the our server which understands the kerberos protocol. The server application is implemented using gss-api provided by java. our code extract the upn name from the spnego token and…
user3329152
  • 11
  • 1
1
vote
1 answer

Why Firefox keeps negotiating kerberos service tickets?

I ran some tests on Kerberos and found out some strange behavior related to Firefox and Kerberos. I have a server running Apache + mod_auh_kerb which is configured to check kerberos credential when serving requests from clients. Kerberos…
user254482
1
vote
1 answer

GSSAPI: gss_export_name returns a blank

I am having a problem with exporting a name using gss_export_name, I though that once the name is exported I should be able to just print it but I am turning up a blank Literaly EXPORTED NAME: , EXPORTED NAME LENGTH: 47 Here is my code OM_uint32…
pu239ppy
  • 129
  • 1
  • 9
1
vote
1 answer

how do i renew a kerberos service ticket using GSS API

I use GSS API to authenticate myself with the SMB 2.0 server using Kerberos authentication (gss_init_sec_context call). I know that I can renew TGT using kinit -R command. But I want to be able to renew my service ticket obtained as well. In the…
zapstar
  • 489
  • 2
  • 9
  • 21
1
vote
0 answers

Is Kerberos (GSS API) supported by iOS 5 or 6?

I think I've dig SO through but haven't found proper answer. Some people here say that there is no support for Kerberos in iOS, however, following links and findings seems to point to opposite direction. Apple says there is somewhat support for GSS…
daneel
  • 85
  • 1
  • 9
1
vote
1 answer

InitialLdapContext fails with Java 6 and Java 7

I am working with GSSAPI successfully with JAVA 5. With JAVA 6 and 7 the InitialLdapContext call fails with the following stacktrace: >>>KRBError: sTime is Fri Jun 14 13:40:01 CEST 2013 1371210001000 suSec is 948732 error code is 7 …
user2583681
  • 21
  • 4
1
vote
1 answer

JAVA & GSSAPI: Clearing cache

I wrote a simple java application that uses GSSAPI in order to connect to Active Directory (Kerberos SSO). I have 2 realms and KDCs: x and y. If I'll run the tool with realm/KDC x - The tool will work. If I'll run the tool with realm/KDC y - The…
Programatic
  • 103
  • 1
  • 1
  • 5
1
vote
1 answer

Java/C# Kerberos inter-op possible?

I have implemented a Kerberos server/client using sockets in Java, where the client sends his service-TGT to the server, and the server knows the client is authentic. My main concern is the snooping 'man-in-the-middle' attack. Someone could…
djb
  • 1,635
  • 3
  • 26
  • 49
1
vote
1 answer

Postdatable Kerberos tickets in Java

I need a postdatable Kerberos ticket in my Java application. But I did not find any method in the GSSContext interface. Does Java not support this Kerberos feature? The purpose is as follows: In our application, users can set up a batch that will…
FrankPl
  • 13,205
  • 2
  • 14
  • 40
1 2 3
18 19