Stack Overflow
Stack Overflow

Questions tagged [gssapi]

GSS-API is an IETF standard that addresses the problem of many similar but incompatible security services in use today.

Generic Security Service Application Program Interface () provides vendor-neutral authentication services to callers in a generic fashion, supportable with a range of underlying mechanisms and technologies and hence allowing source-level portability of applications to different environments.

Commonly-used negotiation mechanisms include and during transactions between client and server.

GSSAPI is defined in RFC 2743.

274 questions
8
votes
1 answer

SASL vs. gssapi

I am doing a project which involves authentication and I can't quite grasp the difference between SASL and gssapi. Is gssapi used under the covers of SASL? Can I use gssapi without SASL? What is the correct thing to do? If I use libsasl, do I…
No One in Particular
  • 2,846
  • 4
  • 27
  • 32
8
votes
1 answer

gss_acquire_cred failing with No key table entry found

I am trying to make a windows client authenticate with a Linux server in a domain-joined scenario, I have created a service principal based on the documentation provided as part of PBIS/gssapps and MSDN GSS/SSPI interop documentation. Updated the…
amritanshu
  • 777
  • 13
  • 25
8
votes
1 answer

Kerberos: difference between UPN and SPN

I'm now kerberizing a cross-platform application with GSSAPI. While I'm not clear about the difference between UPN and SPN. The development environment is a Samba4 AD DC server on CentOS 6.4 with a Windows server 2008 R2 a member box in the domain,…
Summer_More_More_Tea
  • 12,740
  • 12
  • 51
  • 83
8
votes
2 answers

GSSException: Message stream modified (41)

I'm working with an LDAP in forest architecture (all servers and my server are windows). I'm binding to the AD using NTLM authentication. I have a Java code that perform the operations against the LDAP server. The code is wrapped as a tomcat…
Matan
  • 680
  • 2
  • 14
  • 24
8
votes
1 answer

Kerberos for Thrift?

I have a simple Thrift based java application I have written. It is really very simple, not much more than a "Hello World" message transport using Thrift in java. I have been told that I need to add Kerberos support to my message. I have done…
Wanderer
  • 1,583
  • 4
  • 20
  • 36
7
votes
1 answer

Kerberos with Java

i am try to login kerberos kdc from Java. But Java is throwing exception. Seems like login is successful but something is stops login. I dont know why ? Someone have solution for this problem? Here is my java system output: Debug is true storeKey…
Kadir BASOL
  • 729
  • 2
  • 10
  • 20
6
votes
1 answer

Enable LdapEnforceChannelBinding in Java based applications

Microsoft introduced a 'LdapEnforceChannelBinding' option requiring clients to provide channel binding information in order to connect to AD over SSL/TLS. After this has enabled in AD, Java applications which use Kerberos/ LDAP authentication…
pasanbsb
  • 445
  • 2
  • 4
  • 13
6
votes
1 answer

Functional test for Kerberos Ticket Validation

I have written some code to validate a client's kerberos ticket on my server. I have also written unit tests for my classes. The unit tests are written by mocking the calls to the GSS library classes. This does not give me enough confidence though…
Gautam
  • 1,862
  • 9
  • 16
6
votes
2 answers

How to verify kerberos token?

so it's me again with some AD and Kerberos problems. Alright cool, I get a kerberos token from the WWW-Authenticate header. Now I want to verify this token against an AD but I don't know how. I found some stuff from GSSAPI but didn't see a function…
Nico
  • 1,727
  • 1
  • 24
  • 42
6
votes
3 answers

How does SPN with Kerberos works

As I understand it, SPN is an authenticating tool for windows services. Kerberos is a user authentication service SPNEGO-GSSAPI is the third party API to be able to use those services. SSPI : is the Neutral layer to send request from SPNEGO to…
Jonathan L
  • 73
  • 1
  • 1
  • 4
6
votes
3 answers

Does *anyone* have Windows SVNServe authenticating to AD/Kerberos via SASL/GSSAPI?

Scenario: Windows server in a AD domain hosting a Subversion repository using SVNSERVE only (no Apache), and not VisualSVN. Objective: Authenticate users to the Subversion repository via SASL through GSSAPI to a Windows domain via Kerberos.…
David W
  • 10,062
  • 34
  • 60
5
votes
1 answer

Java GSS-API Service Ticket not saved in Credentials Cache using Java

I have created 2 demo Kerberos Clients using the GSS-API. One in Python3, the second in Java. Both clients seem to be broadly equivalent, and both "work" in that I get a service ticket that is accepted by my Java GSS-API Service Principal. However…
FlyingSheep
  • 804
  • 1
  • 9
  • 20
5
votes
2 answers

KrbException connecting to Hadoop cluster with Zookeeper client - UNKNOWN_SERVER

My Zookeeper client is having trouble connecting to the Hadoop cluster. This works fine from a Linux VM, but I am using a Mac. I set the -Dsun.security.krb5.debug=true flag on the JVM and get the following output: Found ticket for solr@DDA.MYCO.COM…
mdarwin
  • 1,684
  • 7
  • 28
  • 72
5
votes
1 answer

Login Error when authenticating with Kerberos

We are facing an interesting problem. Users login to application with Kerberos authentication. Few times they are successful, but suddenly they face lockout for their user login information and they see the error below on their screen Login error:…
yogsma
  • 10,142
  • 31
  • 97
  • 154
5
votes
1 answer

Kerberos authentication with SSPI

Note: I manage to make some progress, see the edit for my current question, thanks. I would like to use libcurl on Windows to access websites with a Kerberos/GSSAPI authentication. I first tried to work it out with MIT Kerberos, but I also require…
adaigle
  • 101
  • 1
  • 8
1
2
3
18 19