Stack Overflow
Stack Overflow

Questions tagged [gssapi]

GSS-API is an IETF standard that addresses the problem of many similar but incompatible security services in use today.

Generic Security Service Application Program Interface () provides vendor-neutral authentication services to callers in a generic fashion, supportable with a range of underlying mechanisms and technologies and hence allowing source-level portability of applications to different environments.

Commonly-used negotiation mechanisms include and during transactions between client and server.

GSSAPI is defined in RFC 2743.

274 questions
0
votes
0 answers

How can we specify keytab based login information for multiple user principals while using Java GSS-API with Kerberos?

I am using Java GSS-API with Kerberos for secure Authentication. I want to connect to two different KDC Servers from single Client program to access multiple services. For that I am using configuration file krb5.conf as shown…
Prashanth Reddy
  • 13
  • 3
0
votes
1 answer

gss_accept_sec_context() failed: An unsupported mechanism was requested

I have a client on windows which is sending a kerberos token obtained from windows using sspi. When I pass in client's token to gss_accept_sec_context on server (Linux Redhat 8) , I get "An unsupported mechanism was requested" I am calling the…
ekhanad
  • 154
  • 2
  • 8
0
votes
1 answer

Issues getting kerberos/Windows AD login work for a web service

I have been struggling with this for quite a while now, and I can't get it to work. Here is the setup: I have a nginx webserver serving a django app at mywebapp.k8s.dal1.mycompany.io It has the SPNEGO plugin compiled in and I have the following…
rep_movsd
  • 6,675
  • 4
  • 30
  • 34
0
votes
1 answer

SPNEGO uses wrong KRBTGT principal name

I am trying to enable Kerberos authentication for our website - The idea is to have users logged into a Windows AD domain get automatic login (and initial account creation) Before I tackle the Windows side of things, I wanted to get it work…
rep_movsd
  • 6,675
  • 4
  • 30
  • 34
0
votes
2 answers

Gssapi+Freeipa+Python. Can't find client principal. But it exists. Why?

What I do first: >kinit Default principal: bob@R1.COM Valid starting Expires Service principal 18.06.2020 18:27:11 19.06.2020 18:26:26 postgres/c1.com.ru@R1.COM 18.06.2020 18:27:11 19.06.2020 18:26:26 …
user3449619
  • 3
  • 4
0
votes
0 answers

gss_inquire_cred returns GSS_S_BAD_MECH

The gss_acquire_cred with default arguments always returns GSS_S_BAD_MECH. Anyone who got this working? or have tips? OS is Redhat Linux 8.0 (Ootpa) and Kerberos 5 version 1.16.1 is installed. I am using the following code: ...... gss_cred_id_t…
ekhanad
  • 154
  • 2
  • 8
0
votes
1 answer

Verify credentials with python and kerberos

I'm working on a project for university. I set up a server which has to verify several credentials (username and password) with a kerberos 5 server (which is a seperate server in my network). I don't have to perform any actions with the rights of…
Cal Blau
  • 117
  • 4
  • 14
0
votes
0 answers

Deadlock between krb5_cc_destroy and krb5_cc_cache_match

I am a developer/maintenance for a commercial network appliance product and this is a regarding a Customer issue. This is a C/C++ based application running on MontaVista and the process has 8 threads. Two threads that are processing a Kerberos…
user2595010
  • 1
0
votes
1 answer

Verify credentials using krb5 and GSSAPI Python

I'm working on a project for university where I have to verify credentials as a last step. I should verify if those credentials are valid and I don't have to connect to any service or gain any rights. I'm a bloody beginner in this feeld so please be…
Cal Blau
  • 117
  • 4
  • 14
0
votes
2 answers

How to configure Kafka server with SASL_SSL and GSSAPI protocols

I am new to Apache Kafka, and here is what I have done so far, Downloaded kafka_2.12-2.1.0 Make Batch file for Zookeeper to run zookeeper server: start kafka_2.12-2.1.0.\bin\windows\zookeeper-server-start.bat…
Muhammad Faizan Khan
  • 10,013
  • 18
  • 97
  • 186
0
votes
1 answer

Kafka with Kerberos

I'm encountering the following errors while configuring kafka with Kerberos authentication. Can somebody please let me know, what could be going wrong here in getting it fixed. Tried various options, but nothing seems to be working for me. I could…
Ahshan Md
  • 105
  • 2
  • 11
0
votes
1 answer

GSSAPI: The Security Context Loop

The Oracle GSSAPI Java examples, and various SPNEGO / GSSAPI IETF RFCs indicate that both the GSS initiator (client) and acceptor (server) should have a loop to establish a security context, and that the client may need to make multiple passes with…
FlyingSheep
  • 804
  • 1
  • 9
  • 20
0
votes
1 answer

Generate SPNEGO Token Failured

I tried to generate the token which can be used as the HTTP header to authenticate to the HDFS WebHDFS URL and Oozie REST API URL. I referenced the url below to have the below code to generate the Negotiate…
JMS
  • 13
  • 1
  • 7
0
votes
0 answers

Creating topics in SASL/GSSAPI (Kerberos) based Kafka Cluster

We have a SASL/GSSAPI (Kerberos) based authentication scheme in our Kafka cluster. Brokers are configured to authenticate with Zookeeper and each other. We added a principal to the "Super Users" list on all the brokers so that we can create topics…
Furhan S.
  • 1,494
  • 2
  • 13
  • 22
0
votes
0 answers

How to login by username/password with Kerberos?

I’m trying to access active directory in our server using Kerberos(GSSAPI). Firstly try current windows user, if refused, user can input new one. Most of the documents mentioned Kerberos can authorize without password (current user),but little about…
wwc
  • 101
  • 6
1 2 3
18 19