Questions tagged [gssapi]

GSS-API is an IETF standard that addresses the problem of many similar but incompatible security services in use today.

Generic Security Service Application Program Interface (GSS-API) provides vendor-neutral authentication services to callers in a generic fashion, supportable with a range of underlying mechanisms and technologies and hence allowing source-level portability of applications to different environments.

Commonly-used negotiation mechanisms include and during transactions between client and server.

GSSAPI is defined in RFC 2743.

274 questions
3 votes, 2 answers

Decrypting OpenLDAP passwords

I have a set of users in my OpenLDAP and I wish to get some information from them, for example "cn" and "userPassword". However, when I retrieve these details the password isn't in plain text even though it is set to this in my LDAP server. Any ideas…
odtf

3 votes, 1 answer

Kerberos SSO implemented with Java

I am trying to create a Java program that will get my Windows user's credentials, then connect to the Kerberos on my Unix box and authenticate and allow me to use a service, for example an LDAP server. All examples I have found tend to on run ask…
owain

3 votes, 0 answers

How to mock GSSManager correctly?

I want to mock GSSManager for unit testing using Powermock. It failed when I did mockStatic(GSSManager.class) because of this error: java.lang.VerifyError: Bad return type Exception Details: Location: …

3 votes, 1 answer

Spark 1.6.Token can be issued only with kerberos or web authentication

I call kinit keytab right before spark-submit in my shell driver script. The thing is, it's working by itself, but when I call the shell driver script through Oozie, I got this error: Stdoutput py4j.protocol.Py4JJavaError: An error occurred while…
la_femme_it

3 votes, 2 answers

SPNEGO: Subsequent Calls after a Successful Negotiation and Authentication

Over the last few days I have built a proof-of-concept demo using the GSS-API and SPNEGO. The aim is to give users single-sign-on access to services offered by our custom application server via HTTP RESTful web services. A user holding a valid…
FlyingSheep

3 votes, 0 answers

Java GSSAPI Credentials with Active Directory

Apologies in advance - I'm pretty new to Kerberos/GSSAPI, so I've probably got something really simple stuffed up. I'm trying to run what is essentially the sample client code from the GSSAPI tutorials. I have two VMs set up. One is named…
dram

3 votes, 0 answers

Compiling curl with GSS-API on Linux for Kerberos authentication

I am new to both curl and Kerberos. I am trying to compile curl with GSS-API support on a RedHat Linux box. When I run configure, ./configure --prefix=${PWD} --with-gssapi I get the following error. error : one or more libs available at link-time…
MVORA

3 votes, 3 answers

Spnego Kerberos Authentication gives "Request is a replay (34)" error for Windows 7 users

I have set up Spnego authentication on my Tomcat 7 webapp. It works fine for Ubuntu 14.04 and Windows 10 users. However, all users using Chrome/Firefox/IE get the following error: GSSException: Failure unspecified at GSS-API level (Mechanism level:…
xennygrimmato

3 votes, 1 answer

NegotiateStream can't work with Kerberos/NTLM/GSSAPI over SASL (POP3/IMAP/SMTP)?

I'm trying to get Integrated Windows Authentication (using default credentials of the currently logged Windows user) to log in to an Exchange 2007 account (SMTP/POP3/IMAP). I already have a working implementation for this but it uses SSPI functions and thus…
Alex Orlov

3 votes, 1 answer

SASL bind over GSSAPI using kerberos credentials with ldap_sasl_bind_s function

I am trying to implement SASL bind over GSSAPI using Kerberos credentials with the ldap_sasl_bind_s function. I follow the steps described in ldap_sasl_bind_s(GSSAPI) - What should be provided in the credentials BERVAL structure chain I get expected…

3 votes, 0 answers

Trouble connecting via paramiko + kerberos

Currently when I want to connect to a node I simply do: ssh username@node and everything works fine. (thanks Kerberos :-)) Now I'm trying to develop a simple Python script that connects to a specified host but I cannot connect to it using that…
polslinux

3 votes, 0 answers

FreeIPA LDAP timeouts possibly due to kerberos

We currently use FreeIPA to support a centralized repository of our SSH pubkeys, which are the only thing allowed to be used for logging in to our servers. We have installed a CentOS 7 machine (up to date) with IPA 3.3.3 (from the default repo) and…
driz

3 votes, 1 answer

LDAP Creating InitialLdapContext fails in Sub Realm / Cross Realm setup in Java using GSSAPI

I have a server process running on a machine KERBOS.COM and it's trying to connect to an LDAP server in IN.KERBOS.COM (Sub Realm) to sync user using the GSSAPI mechanism. By looking at GSSLOGS we can see that the SPN it's trying to authenticate belongs to…
Deepak Kumar

3 votes, 1 answer

GSSAPI get username password and build credential not working for non logged in user

I am developing a C++ client that uses GSSAPI to log in to a server. For the credentials I am using gss methods to build a credential object (explained in code below). My code for this part is #include #include…
Arunav Sanyal

3 votes, 1 answer

javax.naming.AuthenticationException

I'm trying to create a context for ActiveDirectory (client and server are both Windows), using my Windows credentials with NTLM. This is my code: public void func() { try { URL configURL =…
Matan