Stack Overflow
Stack Overflow

Questions tagged [kerberos-delegation]

Kerberos Delegation is a feature that allows an application to reuse the end-user credentials to access resources hosted on a different server

Kerberos Delegation is a feature that allows an application to reuse the end-user credentials to access resources hosted on a different server. A common example is a web server passing the credentials of the client user to a database server behind it. Without Kerberos delegation in place, the client user credentials cannot be passed to the database server.

126 questions
3
votes
3 answers

curl with Kerberos error: option --negotiate: the installed libcurl version doesn't support this

I would like to use curl with Kerberos curl --negotiate '' or curl --negotiate -u : '' But I got the error: curl: option --negotiate: the installed libcurl version doesn't support this My OS: OS X El Capitan Curl…
Babu
  • 4,324
  • 6
  • 41
  • 60
3
votes
2 answers

SSRS 2016 Native Double-Hop Windows Authentication

Myself and another admin have been trying to troubleshoot the double-hop authentication issue on our new reporting server (where the report runs as the authenticated user, but cannot delegate to the data source and returns a 'NT Authority\Anonymous’…
joshcorr
  • 101
  • 2
  • 10
3
votes
3 answers

HDFS Delegation token expired even after adding principle to command line

I'm running a spark streaming job in hadoop. The machine is kerberized and it ran fine for 42 Hours and fails due to HDFS token delegation expiry. I even have the crontab set up for kinit command that runs for every 8 hours and I have the Max-renew…
Mahadevan
  • 131
  • 2
  • 16
3
votes
0 answers

Couldn't view logs page in native UI as logged in as super user

I am not able to view the logs file in hadoop admin UI,even am logged with super user credentials. Please find the details below: Open native hadoop UI with super user credentials ,I can clearly view the UI page,at same time same super user…
mathes
  • 333
  • 1
  • 8
2
votes
1 answer

Hive is not accessible via Spark In Kerberos Environment : Client cannot authenticate via:[TOKEN, KERBEROS]

Hi All, I'm running Spark(2.4.4) in kerberos environment, I've written a code to query Hive Table Via Spark. I am doing kinit also in spark-submit command, but still i'm facing java.io.IOException: org.apache.hadoop.security.AccessControlException:…
Deepak Singh
  • 41
  • 3
2
votes
1 answer

Accessing/parsing "msDS-AllowedToActOnBehalfOfOtherIdentity" AD property in C#

I have a need to manage Kerberos Resource Based Delegation in C# (I know it's easier in Powershell but that is not the requirement). The attribute on the user/computer/service accounts is msDS-AllowedToActOnBehalfOfOtherIdentity, but this seems to…
PLK
  • 389
  • 2
  • 13
2
votes
0 answers

How kerberos delegation should be deployed

Below is my understanding about Kerberos delegation : 1] Unrestricted delegation (W2000): Windows 2000 allows a authorized user to forward a TGT: he asks for a forwardable TGT (Authentication Service) and can then ask for a forwarded TGT (Ticket…
Arachnide
  • 31
  • 3
2
votes
1 answer

No credentials in security package when requesting a Kerberos ticket while impersonating another user

Context: Custom reverse proxy/API Gateway built in C# on top of IIS and IIS Rewrite-rules, making use of OWIN middleware. Goal: I'd like the proxy to authenticate the incoming request first(this is easily configured in IIS). Having the identity…
valorl
  • 1,499
  • 2
  • 14
  • 30
2
votes
1 answer

Pywinrm and Active Directory PowerShell cmdlets

I encounter a weird issue with my Python code which uses pywinrm module. Let me explain a bit. I have a Linux server where I launch the following python script: import winrm """Create security group""" s =…
Vran
  • 59
  • 6
2
votes
0 answers

Delegation with OAuth2 in microservices architecture

I have a general question on delegation with OAuth2. I watched a great tutorial by Dave Syer on microservices security. As far as I understand he suggests that individual microservices will be Resource servers. Which is totally fine. I also read a…
Jan Zyka
  • 17,460
  • 16
  • 70
  • 118
2
votes
1 answer

How to configure groups in Jboss EAP for Kerberos implementation?

I have configured my application with Kerberos authentication for a specific user in jboss-eap and it's working fine. But wants to configure the same on the basis of the group i.e users in a specific group will able to authenticate. Standalone.xml…
Siddharth Gupta
  • 31
  • 3
2
votes
1 answer

EWS Managed API Double Hop

I'm developing an intranet site that will use in on-premise. In corporate, users can use this site like OWA they can see their inbox, send mails etc. To achive this I use EWS Managed Api 2.2 to connect Exchange Server (2010_sp1).I am developing with…
Cembora
  • 244
  • 2
  • 15
2
votes
2 answers

Reset to Kerberos when Negotiate:Kerberos faults to NTLM

I am working with a system which implements constrained delegation for a double-hop from Firefox 38.2.1 (or IE 11) accessing an intranet .NET 4.5.1 web application running on Windows Server 2012 (IIS 8.5) to SQL Server 2008 R2 on a different server.…
Rick V
  • 1,286
  • 1
  • 11
  • 13
2
votes
1 answer

Kerberos redirect

I am using JSOUP for crawling on pages that are behind Kerberos. In JSoup I have to hardcode my ID and Password to gain access to the webpage and read the contents. I want to know a way by which I don’t have to hardcode the credentials but rather…
Yahoo
  • 4,093
  • 17
  • 59
  • 85
2
votes
3 answers

How to use WAFFLE for SSO using stand alone java client

We are trying to use WAFFLE for SSO using a standalone java client with JAAS. We've mentioned waffle.jaas.WindowsLoginModule in our jaas.conf but it is prompting for user name, password which we believe is not an ideal solution for SSO. Can any one…
MyFist
  • 413
  • 7
  • 19
1
2
3
8 9