Stack Overflow
Stack Overflow

Questions tagged [gssapi]

GSS-API is an IETF standard that addresses the problem of many similar but incompatible security services in use today.

Generic Security Service Application Program Interface () provides vendor-neutral authentication services to callers in a generic fashion, supportable with a range of underlying mechanisms and technologies and hence allowing source-level portability of applications to different environments.

Commonly-used negotiation mechanisms include and during transactions between client and server.

GSSAPI is defined in RFC 2743.

274 questions
5
votes
2 answers

javax.naming.AuthenticationException in GSSAPI

I'm trying to perform NTLM bind using JAVA GSSAPI. I'm receiving this error: javax.naming.AuthenticationException: GSSAPI [Root exception is javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials…
Matan
  • 680
  • 2
  • 14
  • 24
5
votes
1 answer

Why does a browser in a different domain not respond at all to "WWW Authenticate : Negotiate" header sent by mod_auth_kerb?

I have implemented SSO through mod_auth_kerb in our apache-active directory environment and it works just as expected. However the following knowledge is bugging me : I requested a Kerberos protected page from two client machines, one user belonged…
Anuj
  • 78
  • 1
  • 8
4
votes
1 answer

Understanding and exploring how JAAS-GSSAPI-JNDI work together behind the hood

I have been trying to understand how these different APIs glue together behind the scenes. Though this question might seem to be a broad one, I also want to understand a particular scenario. Any pointers on this this can further be debugged will be…
theimpatientcoder
  • 1,184
  • 3
  • 19
  • 32
4
votes
1 answer

SPNEGO Authentication Works from a Custom Java Client, but NOT from a Web Browser

I am having problems authenticating via SPNEGO from a Web Browser (Internet Explorer 11) to a Web Service offered by a custom Java Application Server. I can successfully authenticate using SPNEGO to the same Application Server using a custom Java…
FlyingSheep
  • 804
  • 1
  • 9
  • 20
4
votes
0 answers

How to ssh connect using paramiko for gssapi-with-mic authentification

after years of finding every question already asked it's finally time to ask one myself. I am afraid the problem is rather specific but I'll try to be as detailed as possible. I am trying to ssh connect to remote servers via python3 scripts using…
jg43
  • 111
  • 8
4
votes
0 answers

Windows SSPI to Java GSSAPI interoperability to achieve SSO on EJB calls

I have Java client running on Windows machine that calls remote EJB on JBoss EAP/Wildfly running on Linux machine. I use Kerberos to achieve SSO. Java client verifies the user against Windows domain and pass his identity within EJB call to the JBoss…
Stanislav Mores
  • 76
  • 4
4
votes
1 answer

LDAP Continuation Reference error in search results from Active Directory when using GSSAPI authentication in Java

UPDATE: Based on the comment from @Michael-O below, it seems like the correct way to handle this issue if for the LDAP JNDI provider or the SASL implementation to canonicalize the host name by doing a forward then a revers DNS lookup before issue in…
Dominic A.
  • 496
  • 4
  • 9
4
votes
2 answers

Can't ssh using GSSAPI (Kerberos auth method) using Cygwin?

Why can't I ssh to a host with Kerberos ticket, using Cygwin? Here is my config: $ cat .ssh/config Host * GSSAPIAuthentication yes GSSAPIDelegateCredentials yes Here is what I get on ssh attempt: $ ssh -v user@host.net OpenSSH_3.5p1f3, SSH…
user1990198
  • 169
  • 1
  • 3
  • 13
4
votes
3 answers

Configure kerberos without krb5.conf

I'm using kerberos authentication to login to ActiveDirectory. I'm doing it with GSSAPI. Currently, I'm using krb5.conf file, that describes the realms, encryption algs and more, and the authentication works fine. I would like avoid using this file.…
Matan
  • 680
  • 2
  • 14
  • 24
4
votes
1 answer

which Perl ssh module support kerberos auth?

My Linux server group uses Kerberos authentication. When I try to connect to one of the servers using Net::SSH2, auth_list() returns gssapi-keyex and gssapi-with-mic. However, auth() doesn't support either. Is there a Perl module that naively (e.g.,…
chenryn
  • 121
  • 5
3
votes
1 answer

How to do kerberos authentication with a python suds client

I have a Windows-based web service that does certificate revocation. It supplies a WSDL file that I want the python suds package to use to allow me to revoke certificates. The service is protected via Kerberos/GSSAPI, so there is a keytab file in…
rlandster
  • 7,294
  • 14
  • 58
  • 96
3
votes
1 answer

ldap Invalid Credentials While Authenticating User(NodeJs)

There are two Active Directory (LDAP Servers). Following are the users which belongs to their servers respectively. Server user password 1- abc.pk user_abc@abc.pk ******** 2- …
jazeb Sheraz
  • 31
  • 5
3
votes
1 answer

GSS-API error accepting context: Service key not available - Solaris code, Windows KDC

I am attempting to get a test Kerberos client/server pair working against Active Directory. I have created three users in a spare domain in our corporate network, "RichardC", "Server1" and "Server2". My Server users have been mapped to different…
Richard Corfield
  • 717
  • 6
  • 19
3
votes
3 answers

GSSAPI for NTLM authentication

Is it possible to use GSSAPI for NTLM v1/v2 authentication? I am trying to build a web-server, quite like squid / apache, but I would like to authenticate clients that could be using IE / FireFox, using NTLM / Negotiate protocols. I tried using…
mdk
  • 6,225
  • 1
  • 25
  • 30
3
votes
1 answer

How to authenticate to Active Directory using gsasl gssapi?

I'm trying to authenticate to an Active Directory domain using gsasl. I've already kinit'd as the Administrator. I've tried to follow the test code in gsasl tests/gssapi.c, but the code below is failing with GSASL_GSSAPI_INIT_SEC_CONTEXT_ERROR when…
David Mulder
  • 7,595
  • 11
  • 45
  • 61
1 2
3
18 19