Questions tagged [gssapi]

GSS-API is an IETF standard that addresses the problem of many similar but incompatible security services in use today.

Generic Security Service Application Program Interface () provides vendor-neutral authentication services to callers in a generic fashion, supportable with a range of underlying mechanisms and technologies and hence allowing source-level portability of applications to different environments.

Commonly-used negotiation mechanisms include and during transactions between client and server.

GSSAPI is defined in RFC 2743.

274 questions
2
votes
1 answer

Spring security LDAP with GSS negotiation

I'm trying to use spring security 4 with ldap. it works fine for the LDAP who as the basic authentication system. If I try to connect to a system that uses GSS no longer works. I think it is normal and should be specified using GSS somewhere. But…
ciro
  • 771
  • 1
  • 8
  • 30
2
votes
0 answers

Perl module GSSAPI core dumps with kerberos 1.14

I am trying to compile GSSAPI PERL module with kerberos and I'm getting a core dump while testing it. Here are the details: GSSAPI version: 0.28 KERBEROS: 1.14 PERL: 5.22 OS: SunOS kangaroo 5.11 11.2 sun4v sparc sun4v While running the tests for…
Phalgun
  • 1,181
  • 2
  • 15
  • 42
2
votes
0 answers

SSO with putty via GSSAPI

I've been trying to integrate the login to Console of Suse Linux server using putty via Single Sign On. To that end, I've come across two setting: Allow GSSAPI credentials delegation in SSO; and Enable the GSSAPIaunthentiation in Linux. Am I…
Abhinav
  • 21
  • 2
2
votes
1 answer

Kerberos and LDAP: Why does Java 6 truncate LDAP host names when using Kerberos?

My task is to connect to a Kerberized LDAP server through Java GSS API. I have a small sample app that I use to test my connection, my Kerberos configuration, connection parameters, etc, to be sure that I can connect to the LDAP server and retrieve…
2
votes
1 answer

GSSException createCredential

Major edit: 2015-05-27: After some degree of success updated on where I'm currently stuck rather than leaving a rambling post....could really do with some pointers on this one - a little bogged down.... I'm running some code on a Linux app server…
KarlP
  • 309
  • 3
  • 15
2
votes
2 answers

When using Sasl.createSaslClient with kerberos, is it possible to modify kerberose configuration options?

I would like to use non-default location for ticket cache. Is it possible to set this value? I checked Krb5LoginModule and it allows for such configuration, but I could not find anything related to Sasl clients. Any help with this regard will be…
Prafulla
  • 832
  • 1
  • 7
  • 17
2
votes
0 answers

What authentication mechanism is required by python and azure service bus

i'm wanting to use python, under linux, to connect with the azure service bus. to that end, i'm using qpid-proton and amqp protocol. however, when i try connecting to the service bus, i get the following…
yamspog
  • 18,173
  • 17
  • 63
  • 95
2
votes
1 answer

What does sub error code 568 mean for Ldap Error 49 with Active Directory

I am writing some Java code that authenticates to Active Directory using SASL GSSAPI. Mostly this code is working fine but for one user I am getting the response: javax.naming.AuthenticationException: [LDAP: error code 49 - 8 0090304: LdapErr:…
Dean Povey
  • 9,256
  • 1
  • 41
  • 52
2
votes
0 answers

Using domain alias instead of host name in kerberos authentication

I use java GSS-API with kerberos. It works fine when I use host name like: ldapUrl = ldap://myhost.mydomain.net But when I user like: ldapUrl = ldap://mydomain.net it produces error: Server not found in Kerberos database. But mydomain.net is domain…
user710818
  • 23,228
  • 58
  • 149
  • 207
2
votes
3 answers

IBM JDK Convert GSSCredential to Subject

When working with the Oracle JDK it is possible to take a 'org.ietf.jgss.GSSCredential' and use the class 'com.sun.security.jgss.GSSUtil.class' to create a Subject from this. What I am looking for is how to achieve the equivalent using the IBM…
Darran L
  • 922
  • 1
  • 8
  • 14
2
votes
0 answers

Library Handles in node-ffi

I'm playing with integrating the gssapi into node.js. Im not sure how to represent this: The gss_init_sec_context function contains many struct based parameters, some of which are nested pretty deeply. For example this struct: typedef struct…
sentinel21
  • 546
  • 7
  • 24
2
votes
1 answer

IBM Jdk Issue Kerberos: Cannot authenticate keytab with credsType=both in JAAS

I have a service to service model in which I have a keytab for Kerberos Authentication. In this model I have defined a login configuration as the follows:- import java.util.HashMap; import java.util.Map; import…
Arunav Sanyal
  • 1,708
  • 1
  • 16
  • 36
2
votes
2 answers

What programs use GSS-API? Any decent sample programs?

I thought I wanted to use GSS-API, but now am not so sure, since I'm having a hard time finding good sample code for a trivial client/server pair. Sun has documentation including sample code, but it's written specifically for their GSS API…
John Zwinck
  • 239,568
  • 38
  • 324
  • 436
2
votes
1 answer

Why do I get a GSSException when using Active Directory SSO from Microsoft IE to a Java server?

I was building an Active Directory Single Sign-On authentication system for Java web applications (using SPNEGO/Kerberos), and everything works fine with either Firefox or (reportedly) Safari, but Internet Explorer causes an exception: GSSException:…
Tommy McGuire
  • 1,223
  • 13
  • 16
2
votes
1 answer

Can not use kerberos ticket to create hadoop file with java code

Our hadoop cluster use kerberos,so we need use kinit first, then use command like "hadoop fs -ls /". Now I use jaas and gssapi login and create file in cluster,but failed.here is my code: import java.security.PrivilegedAction; import…
JamesLi
  • 31
  • 1
  • 5