Stack Overflow
Stack Overflow

Questions tagged [gssapi]

GSS-API is an IETF standard that addresses the problem of many similar but incompatible security services in use today.

Generic Security Service Application Program Interface () provides vendor-neutral authentication services to callers in a generic fashion, supportable with a range of underlying mechanisms and technologies and hence allowing source-level portability of applications to different environments.

Commonly-used negotiation mechanisms include and during transactions between client and server.

GSSAPI is defined in RFC 2743.

274 questions
0
votes
1 answer

ldap_search_s fails if I use root as a base dn when SASL(Kerberos) authentication is used to bind to ldap

I have an application where I use SASL(Kerberos) to bind to ldap. In this case ldap_search_s function returns operation error when I use root as a base dn. In example if base_dn="DC=AD" and filter is (cn=administrator) ldap_search_s returns 1.…
Grigor Aleksanyan
  • 367
  • 2
  • 14
0
votes
1 answer

How to get the principal name after authentication

Using MIT gss-api libraries, I've written a C program which gets as an input the full Negotiate token and performs the kerberos authentication (using keytab on the server side). The program successfully calls gss_acquire_cred and then…
nambar
  • 573
  • 1
  • 5
  • 17
0
votes
1 answer

"No common protection layer between client and server" error when connecting to LDAP using GSSAPI I got

When connecting to LDAP using GSSAPI Hashtable env = new Hashtable<>(); env.put(Context.INITIAL_CONTEXT_FACTORY, LdapCtxFactory.class.getName()); // Must use fully qualified hostname env.put(Context.PROVIDER_URL, ldapUri); //…
Lukas
  • 13,606
  • 9
  • 31
  • 40
0
votes
1 answer

Google Site Search C# API doesn't return any promotions

I am using google's "CustomSearch API Client Library for .NET" and trying to retrieve the promotions which I have created through the Control panel with the Add Promotion functionality. I have a paid version of Google Site Search. When I test it…
A.D.
  • 13
  • 3
0
votes
3 answers

Not sure why I am getting an undefine refence to gss_str_to_oid error

I am using gssapi in C for the first time. I am trying to reconstruct example on Oracle doc http://docs.oracle.com/cd/E19683-01/816-1331/sampleprogs-1/index.html. In my .c file I call gss_str_to_oid(&min_stat, &tok, oid); and get an undefined…
Aaron
  • 4,380
  • 19
  • 85
  • 141
0
votes
0 answers

javax.security.auth.useSubjectCredsOnly Equivalent in Python

Can someone tell me what the equivalent would be if I was using python? In Java I set the following to FALSE to allow for the underlying Kerberos mech to be used instead of SPNEGO. javax.security.auth.useSubjectCredsOnly = false
user2709399
  • 37
  • 9
0
votes
2 answers

SSH/Kerberos not working on OSX

So I have tried and tried to get my ssh to work with kerberos on Mavericks to no avail. Here are my versions: ssh: OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011 kerberos: Heimdal 1.5.1apple1 I also tried the built in ssh with no effect as well. Here is…
Nicholas Terry
  • 1,812
  • 24
  • 40
0
votes
1 answer

GSS_S_FAILURE on gss_import_name API

So here's my code: #include "QCSRC/GSSAPI" void main() { OM_uint32 wRC; OM_uint32 minor_status; …
Herbert Pfeifer
  • 1
  • 2
0
votes
2 answers

GSS-API Exception - Cannot find key of appropriate type to decrypt AP REP - AES128

I'm writing a UserAuthGss for a ssh client using Java 6. The server, after receiving the first client token calls GSSContext.acceptSecContext on that token. The Server is throwing this exception: GSSException: Failure unspecified at GSS-API level…
jclum
  • 91
  • 1
  • 5
0
votes
1 answer

gssapi error - Server not found in Kerberos database

I'm trying to write a kerberos aware application using the gssapi in c. I've been following the guides on this site, but I am getting stuck when calling gss_import_name with HOST/SERVER-NAME in my buffer.. I keep getting the error "Server not found…
Brian Schlenker
  • 4,966
  • 6
  • 31
  • 44
0
votes
1 answer

LDAP Bind issues with ticket from Kerberos using GSSAPI

I have been trying to make an application which needs to bind to LDAP server using GSSAPI using the ticket provided by the Kerberos server. I am using Novell's JLDAP library for this purpose. I am able to get a ticket from the authentication server…
chandan Thakur
  • 1
  • 1
0
votes
1 answer

After upgrading to JRE 6 update 45, kerberos authentication fails

We use kerberos authentication to perform SSO. Earlier our product was on JRE 6 Update 22 and everything used to work fine. We recently migrated to JRE 6 update 45, and the kerberos authentication fails. So, basically the code performs 2 steps -…
pavitra
  • 31
  • 2
0
votes
1 answer

Protocol problems: LDAP and GSSAPI authentication

I'm currently trying to implement GSSAPI support in a third-party LDAP library (the Common Lisp library trivial-ldap). I got it to work when authenticating to an AD server (using the mechanism GSS-SPNEGO) but when trying to talk to an OpenLDAP…
Elias Mårtenson
  • 3,820
  • 23
  • 32
0
votes
2 answers

Exporting GSSCredential to byte array and vice versa

I am implementing S4U protocol using GSS in java. Since java 7 does not support this protocol, I plan to write a JNI wrapper over the gss api methods in C that do not have equivalent in java. As part of this I am writing a JNI over…
Varun
  • 51
  • 1
  • 5
0
votes
1 answer

Want to clarify some general concepts of GSS-API kerberos programming‏

I am new to GSS-API. And I am in a project, whose goal is to make a KERBEROS implementation. I read the application developers documentation in MIT's - http://web.mit.edu/kerberos/krb5-latest/doc/appdev/index.html link. And also read RFC-2744…
monic
  • 1
  • 1
1 2 3
18
19