Stack Overflow
Stack Overflow

Questions tagged [gssapi]

GSS-API is an IETF standard that addresses the problem of many similar but incompatible security services in use today.

Generic Security Service Application Program Interface () provides vendor-neutral authentication services to callers in a generic fashion, supportable with a range of underlying mechanisms and technologies and hence allowing source-level portability of applications to different environments.

Commonly-used negotiation mechanisms include and during transactions between client and server.

GSSAPI is defined in RFC 2743.

274 questions
0
votes
2 answers

KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN. while connection to mongodb with GSSAPI

I have setup Active directory with kerberos authentication on windows server 2012 r2, set mongodb server on a 2nd machine. Started mongodb with GSSAPI authentication, Now if I try to connect to mongodb using the follwong url mongo.exe --host…
Rajesh Kumar
  • 1
  • 1
  • 1
0
votes
1 answer

A 500 Internal Server Error while running Google site search

This is a first time we are using GSS and applying in our application. If we search a query in GSS we are getting good result depending upon the websites we have added to be searched from. But if we give GSS around a hundred queries one by one in a…
Harinarayan
  • 121
  • 1
  • 2
  • 12
0
votes
0 answers

GSSException: Token had invalid integrity check issue

I am facing a strange problem with Kerberos/Ldap authentication using GSSAPI. I have a simple java class that does authenticate to Kerberos then do an Ldap search. This program does fail on some of our KDC/AD controllers with this exception: No…
Hassene Ben Amara
  • 111
  • 2
  • 13
0
votes
2 answers

why i am getting Cannot redeclare httpGet() error

Below is the code in which I am getting error: for ($i = 0, $count = count($arr1); $i < $count; $i++) { print $arr1[$i]."\n\r\n\r\n\r\n\r


"; $_SESSION['arrayvalue'] = "$arr1[$i]"; $in = $arr1[$i]; $in = str_replace('…
Harinarayan
  • 121
  • 1
  • 2
  • 12
0
votes
0 answers

HBase+Kerberos: UserGroupInformation logging in from keytab expires?

We are using the method UserGroupInformation.loginUserFromKeytabAndReturnUGI(user, keytab) to authenticate a Java program to write to a remote HBase cluster. When the application first starts up we are all good and it's talking to HBase happily. The…
jastang
  • 386
  • 5
  • 14
0
votes
0 answers

LDAP with kerberos authenication in Java

I'm having some problems with using kerberos authenication for a client on an LDAP directory. My program is written in java and I'm using the GSSAPI to handle kerberosv5 Auth. I strictly followed the oracle tutorial that you can find at this link :…
Matteo
  • 31
  • 1
  • 5
0
votes
0 answers

SSO fails with in Windows 8 with NegoEx, succeds on another without NegoEx

I am deploying an application on Windows 8.1 which has SSO enabled (uses NTLM). There are two examples: good and bad. The only difference that has been determined between the two is that in a failure scenario, the wireshark trace show that NTLM…
A J
  • 1
  • 1
0
votes
0 answers

ssh multihop with gssapi

I have set of linux machines configured with GSSAPI SSO. After logging in to first machine (jump host) with password, I can connect by SSH to all other machines with kerberos ticket. Now I'd like to automate connections to other hosts. I've tried…
Jarek
  • 329
  • 2
  • 13
0
votes
1 answer

Using GSS-SPNEGO with gss_krb5_import_cred

I'm trying to implement the programming logic for requesting TGT for my application, thus it wouldn't be necessary to call kinit from command line before authenticate to an LDAP server via GSSAPI and GSS-SPNEGO mechanisms. I create an in-memory…
noirello
  • 51
  • 1
  • 11
0
votes
1 answer

Jetty SPNEGO/SSO gives NPE. Expected cause krn5.ini?

We're facing an issue where Jetty SPNEGO gives an NPE inside SpnegoLoginService.login() The gssContext.getSrcName() call returns null. The SPN is: HTTP/machine.dd.aa.net@EE.AA.NET Must there be a special setup in the KRB5.INI file when dd.aa.net …
Houtman
  • 2,819
  • 2
  • 24
  • 34
0
votes
1 answer

gss_acquire_cred on Windows

I'm trying to acquire credentials for Administrator on Windows host. I'm under mingw64_shell. Here is my credential: $ klist Credentials cache: FILE:/tmp/krb5cc_1049076 Principal: Administrator@CORP.PEROKSID.COM Issued Expires…
peroksid
  • 357
  • 3
  • 14
0
votes
1 answer

How to get client user name using established GSS API context

I'm implementing Windows -> Linux transparent authentication using Kerberos. On Windows side I use SSPI. And I successfully establish context between Windows client and Windows server, retrieving client's user name like that: SecPkgContext_Names…
Viktor
  • 392
  • 2
  • 8
0
votes
0 answers

Transparent authentication from Windows Desktop application to linux daemon

I have Qt C++ application for Windows and Linux daemon. Windows machine is in domain (2008 R2 as a AD controller). I need to implement transparent authentication of Windows logged user to Linux daemon. I found out that Kerberos 5 is modern security…
Viktor
  • 392
  • 2
  • 8
0
votes
0 answers

Getting unknown server error while initializing GSS security context

Working on a cocoa OSX app, Mac bind with active directory and logged in as active-dir user. Getting the unknown server error while initializing GSS security context: with a PrincipalName provided by the server. gss_init_sec_context major: unknown…
dips
  • 370
  • 6
  • 17
0
votes
1 answer

GSS-API Kerberos Authentication

Im trying to create a application that can authenticate a user using kerberos ticket. I dont know how can i proceed with this. i have wrote some code to get spengo token from header and then extract the kerberos token from it. but i receive only a…
Thilina27
  • 1
  • 2
1 2 3
18 19