Stack Overflow
Stack Overflow

Questions tagged [gssapi]

GSS-API is an IETF standard that addresses the problem of many similar but incompatible security services in use today.

Generic Security Service Application Program Interface () provides vendor-neutral authentication services to callers in a generic fashion, supportable with a range of underlying mechanisms and technologies and hence allowing source-level portability of applications to different environments.

Commonly-used negotiation mechanisms include and during transactions between client and server.

GSSAPI is defined in RFC 2743.

274 questions
0
votes
1 answer

Kerberos LDAP bind fails due to incorrect hostname (GSSAPI authentication)

Am dealing with an issue where I connect to a user provided LDAP server but sometimes the hostname is not available for the server. I either have the IP Address or the hostname at a give n time. Am able to fetch IP address from the given hostname…
Vicky
  • 61
  • 10
0
votes
1 answer

What are the security differences between "NegotiateStream" and "WebRequest" using SPNego/Kerberos?

The following link describes a traditional intranet client-server socket communication using Kerberos public class NegotiateStream : System.Net.Security.AuthenticatedStream ... // Request authentication. NetworkStream clientStream =…
TLDR
  • 1,198
  • 1
  • 12
  • 31
0
votes
1 answer

GSSAPI: importing a context created on a different host

I am learning about GSSAPI and am intrigued by the exporting/importing context feature of the API. I am designing an application that will involve multiple processes across multiple machines. My question, then, is: if I create a security context…
Joshua Gevirtz
  • 401
  • 3
  • 14
0
votes
1 answer

KafkaProducer - GSSAPI lib not available

I am writing a python program to connect to Kafka and read/write message. Producer error on executing python3 producer.py File "/opt/local/bgdatapp/anaconda3/lib/python3.7/site-packages/kafka/conn.py", line 255, in init assert gssapi is not None,…
arvj
  • 1
  • 1
  • 2
0
votes
1 answer

Usage of SPNEGO in C++ application to acquire Kerberos ticket

I did an C++ application which supposes to use Kerberos authentication to access HDFS. This application has webserver written on C++ as well. I'm trying to make transparent authentication in this application with Kerberos ticket. I made my server…
Yuri Dolotkazin
  • 480
  • 4
  • 13
0
votes
0 answers

yarn application command hangs due to absence of Kerberos ticket

Within a bash script, I am invoking yarn application command in order to get the current applications running on a Cloudera Hadoop cluster secured by Kerberos. In case my application is not running, it is necessary to restart…
aloplop85
  • 892
  • 3
  • 16
  • 40
0
votes
1 answer

Server side of GSSAPI for sshd and private key authentication

I'm looking at a way of authenticating users connecting to an SSH daemon. There might be some big misunderstanding in what I'm asking about, but from what I know the GSSAPI can be used as an authentication provider backend for the SSH daemon. Is…
viraptor
  • 33,322
  • 10
  • 107
  • 191
0
votes
1 answer

SSO using Kerberos on Windows and Linux

We have a client/server based application that is developed internally. Clients and server communicate over a TCP/IP connection with an application-specific protocol. The clients run on Windows and the server runs on Linux. All machines are in the…
rveerd
  • 3,620
  • 1
  • 14
  • 30
0
votes
1 answer

LDAP SASL bind works with FILE: cache type but not with MEMORY: cache type

Using C code I am trying to bind to an LDAP server using GSSAPI/SASL on a Debian stretch server. I initialize a kerberos credentials cache and then make the location of that cache known to the LDAP calls using the environment variable KRB5CCNAME.…
rlandster
  • 7,294
  • 14
  • 58
  • 96
0
votes
0 answers

What's the meaning of 'challenge' in SASL

I'm reading the RFC 4422 document which detail described the SASL framework, but English is not my native language. I really can't understand what's the 'challenge' mean in SASL? The following content is extracted from the document: Where the…
zluo
  • 13
  • 4
0
votes
1 answer

django request transport to custom database backend

My team is developing secure django project and we stacked with transport Django request into custom database backend. We made such an algorithm for GSSAPI(SPNEGO) authentication in django and delegating user credentials for server querying on…
Pavel Belyaev
  • 1
0
votes
1 answer

JMeter LDAP tests using GSSAPI/kerberos credentials

I would like to use JMeter to run some load testing against our OpenLDAP service authenticating using GSSAPI (i.e., Kerberos). How do I get JMeter to use a keytab with Kerberos credentials to do this? (Note: I tried following the directions here but…
rlandster
  • 7,294
  • 14
  • 58
  • 96
0
votes
1 answer

Kafka SASL_PLAINTEXT with GSSAPI for kerberos

I am trying to run a single kafka server using SASL and GSSAPI with plaintext but getting below error. [2018-10-03 16:08:54,220] ERROR [Controller id=0, targetBrokerId=0] Connection to node 0 failed authentication due to: An error: …
learner
  • 1,952
  • 7
  • 33
  • 62
0
votes
1 answer

How to access MongoDB using GSSAPI authentication mechanism?

I am trying to connect to the MongoDB server through a ssl certificate using c#. I am getting a System.TimeoutException (A timeout occurred after 30000ms selecting a server using the CompositeServerSelector). I started with connection via…
Vishal
  • 7
  • 9
0
votes
0 answers

API server relays Kerberos authentication by SPNEGO

I want Kerberos authentication with SPNEGO from Chrome on Windows PC to Hadoop(kerberized). In the case of requesting Hadoop directly from a windows PC as below, I think that authentication will pass normally. |Windows PC(Chrome)| -- SPNEGO -->…
t_uma66
  • 211
  • 1
  • 2
  • 4
1 2 3
18 19