Stack Overflow
Stack Overflow

Questions tagged [gssapi]

GSS-API is an IETF standard that addresses the problem of many similar but incompatible security services in use today.

Generic Security Service Application Program Interface () provides vendor-neutral authentication services to callers in a generic fashion, supportable with a range of underlying mechanisms and technologies and hence allowing source-level portability of applications to different environments.

Commonly-used negotiation mechanisms include and during transactions between client and server.

GSSAPI is defined in RFC 2743.

274 questions
2
votes
2 answers

Correct Kerberos principal type for a hostbased service

There are several types of Kerberos principals. A regular user princpal like michael-o@COMPANY.COM would be KRB_NT_PRINCIPAL. But what about a service like HTTP/host.company.com@COMPANY.COM? There are a few possible types like…
Michael-O
  • 18,123
  • 6
  • 55
  • 121
2
votes
0 answers

How to connect to Postgres from Spring Boot using GSS API?

I'm try use GSS API for auth in PostgreSQL from Spring Boot; I'm use virtual machine with Postgres (it's in my domain). I can connect to Postgres using my Windows account in Windows using psql tool. But I can't connect to Postgres from Spring on my…
Ivan Fomkin
  • 51
  • 4
2
votes
0 answers

Creating a LdapContext from valid ldap service ticket using GSSAPI

Please Note:- I just want to validate whether the following can be achieved using the JAAS/GSSAPI. I am not able to find any pointers. Let me first clear the constraints on my application: We can't have a static krb.conf file. It is dynamic and…
theimpatientcoder
  • 1,184
  • 3
  • 19
  • 32
2
votes
1 answer

postgreSQl 12 with GSSAPI authenticate

I have been setup an authentication with Postgresql 12 using gssAPI on centos.I follow an example :https://paquier.xyz/manuals/postgresql/kerberos/ .But when i finish and run to conect with gssapi: "psql -U "postgres/myrealm.example@MYREALM.EXAMPLE"…
tranmanhthang
  • 21
  • 1
  • 2
2
votes
1 answer

msmtp: GSSAPI authentication fails

I'm trying to send emails using MSMTP with NTLM or GSSAPI authentication. This works fine using the NTLM authentication, but fails while using the GSSAPI. msmtp --version Output msmtp version 1.6.6 Platform: x86_64-pc-linux-gnu TLS/SSL library:…
VikramV
  • 1,111
  • 2
  • 13
  • 31
2
votes
0 answers

Postgres connection failure only for certain clients. Message: `GSSAPI authentication not supported`

I'm trying to connect to a postgres database. I can connect using the command line psql program (v11.2; installed using macOS homebrew) but not other methods, despite providing the same parameters: user name, database name, and port. psql (v11.2):…
Sean
  • 311
  • 1
  • 3
  • 12
2
votes
1 answer

Paramiko error in Linux:" ImportError:Unable to import a GSS-API/SSPI module"

I met this problem in my machine,and I spent several hours in solving this,I hope it can help others if they meet the same problem.
VictorV
  • 637
  • 7
  • 16
2
votes
1 answer

Requesting/sending Kerberos token in header vs pycurl.HTTPAUTH_GSSNEGOTIATE

I am attempting to request a json response from an intranet site that uses Kerberos authentication. I make a kinit like so (without a keytab): kinit employee_id@CORP.MYCOMPANY.COM After doing so, the following code works and gives me the exact…
user9283245
2
votes
1 answer

Check whether a Kerberos KeyTab file is valid in Java

I'm working on a Java code base that checks whether a Kerberos KeyTab file is valid, but it uses the internal class sun.security.krb5.internal.ktab.KeyTab for its isValid() method. Currently, it is doing the following: File keytabFile = new…
haxney
  • 3,358
  • 4
  • 30
  • 31
2
votes
0 answers

Acquire kerberos creditionals for hdfs client using gssapi and libhdfs3

I am writing a c++ hdfs client using libhdfs3. the hdfs was kerberized.So I am trying to acquire the kerberos credentials using gssapi. I wrote the bellow sample to do that. static void parse_oid(char *mechanism, gss_OID * oid) { char *mechstr…
Srini2k6
  • 380
  • 1
  • 5
  • 19
2
votes
1 answer

Is a service principal name (SPN) bound to a specific machine?

At the moment I am getting a KrbException: Integrity check on decrypted field failed (31) with my GSS demo application (on the server side). Now I am looking for the reason for this. I have the suspicion, that it comes from the fact that the client…
Roland Schneider
  • 3,615
  • 3
  • 32
  • 43
2
votes
2 answers

Why am I unable to login to my centos/7 box using Putty?

I'm using Win10, Putty, Vagrant and Virtualbox. I set everything up the same way I did for my ubuntu/trusty box (which worked perfectly) but I am getting this error after trying to login to my centos box: Disconnected: no supported authentication…
Joshua Lee
  • 31
  • 3
2
votes
2 answers

GSSAPI Defective Ticket

I apologise if there's something really straight forward I'm getting wrong with this - I've been finding it really hard to find much information about GSSAPI and JAAS. I'm writing a program that makes a request to an IIS server and authenticates…
dram
  • 97
  • 1
  • 8
2
votes
2 answers

"Delegation Token can be issued only with kerberos or web authentication" when restarting spark context after idle

I try to deploy spark application to kerberized hadoop cluster which is controlled by YARN. Version of Spark is 1.5.0-cdh5.5.2. I'm facing strange exception, when stopping SparkContext after more than 10 seconds idle and initializating a new one.…
Alexey Klimov
  • 69
  • 1
  • 7
2
votes
1 answer

Why can't I do a kinit with an SPN?

I was following this tutorial on setting up Apache Directory Studio for a webapp to develop and test out kerberos authentication (using spnego). I set up the ldap and ticket granting service as well as some basic user accounts. I am able to do a…
FourierTransformer
  • 41
  • 7
1 2 3
18 19