Stack Overflow
Stack Overflow

Questions tagged [kerberos-delegation]

Kerberos Delegation is a feature that allows an application to reuse the end-user credentials to access resources hosted on a different server

Kerberos Delegation is a feature that allows an application to reuse the end-user credentials to access resources hosted on a different server. A common example is a web server passing the credentials of the client user to a database server behind it. Without Kerberos delegation in place, the client user credentials cannot be passed to the database server.

126 questions
1
vote
0 answers

kerberos auth and connection pooling in jdbc

I've got Java web application running on Tomcat with SSO via SPNEGO/Kerberos and I want to pass kerberos ticket to database, Oracle DB in my case (like impersonation in MS products). I've found an example of implementation…
Vladimir Kravets
  • 330
  • 6
  • 21
1
vote
0 answers

Impersonating a thread using GSSAPI's established security context, on Windows

I am working on enabling Kerberos authentication/delegation in my application. My setup: The client is any web browser. The server runs on Windows and hosts some of my services, with Apache/Tomcat as the front end. The server can delegate work to…
user2237963
  • 103
  • 7
1
vote
0 answers

Kerberos constrained delegation using krb5 libs fails with error message GSS_S_BAD_MECH

I am trying to implement Kerberos Constrained delegation on a Unix system using krb5 libraries. The concept is that a "trusted" user would be able to get a kerberos ticket on behalf of another user in the system. I am using this code as a base for…
user3821194
  • 11
  • 1
1
vote
1 answer

IIS + Kerberos + SQL Server + EF Initial connection failure

I have a web server on my domain that I'm trying to use Kerberos delegation to allow access to my SQL Server. They are all Server 2008 R2 servers with IIS 7.5 and SQL 2008 R2 (the DC is also Server 2008 R2). Everything is working, in that I see…
joe_coolish
  • 7,201
  • 13
  • 64
  • 111
0
votes
0 answers

Spring Security Kerberos - using Authentication from session to make Kerberized calls on behalf of user

I'm trying to implement REST services over LDAP directory. Both have Kerberos-protected access. I already have working code (based on Security Server Spnego and Form Auth Sample sample), which login user and store autentication object in users…
Artur Satarov
  • 3
  • 2
0
votes
0 answers

Python hdbcli.dbapi Dash App RBKCD give Server not found in Kerberos database

Ubuntu: 22.04 (Kerberos 5 version 1.19.2, which support RBKCD) Python: 3.9.16 hdbcli : 2.14.24 Users have account Kerberos REALM A. A mid-tier Dash App server, with serviceaccount and principal in REALM A. SAP HANA instance is in REALM B. Cross…
Troels Schwarz-Linnet
  • 21
  • 4
0
votes
0 answers

What SPNs to set to allow AppPool identity to update AD Contact Info on behalf of user in IIS (Python App)?

I have a mock active directory domain CONTOSO. I have a domain-joined web server WEBSERVER1 running IIS 10 and there is a python flask app hosted on there. The appPool for that Flask app is set to a service account that I created…
moosearch
  • 176
  • 9
0
votes
0 answers

Windows Authentication in Chrome with Kerberos (cross realm)

I have configured the registry values mentioned everywhere in various guides for the AuthServerAllowlist and AuthNegotiateDelegateAllowlist to allow Windows auth to work seamless with an internal website. There is an AD login button which used to…
peejay1977
  • 1
  • 1
0
votes
0 answers

Impersonating in Kerberos for Java REST client

I am working on an application where my code (a simple Java HTTPURLConnection client) is making a REST call to a secured URL authenticated by Kerberos. It is working fine with this REST call and taking windows credentials to log the user. I want to…
gpsingh
  • 11
  • 3
0
votes
0 answers

How to access Kerberos Secured UI using nginx with Username And Password

We have Hadoop Cluster In VPC. To connect any node inside VPC we have to ssh into jump machine and then from that jump machine we have to ssh into any node of hadoop. A single point of contact to cluster is 22 port of jump machine. No other ports…
Uddhav Savani
  • 31
  • 6
0
votes
0 answers

Jobs are failing due to Kerberos issues

I'm getting the following error in my cluster (HDP 3.1, NameNode HA, Kerberos security via AD integration): 23/01/12 05:03:13 INFO HiveMetaStoreClient: HMSC::open(): Could not find delegation token. Creating KERBEROS-based thrift…
kant
  • 1
  • 3
0
votes
0 answers

Impersonation to Sharepoint onPrem through restservice not working on IIS

I have made a restservice that combines data from different origins on a local environment. One of the origins is an onprem SharePoint 2019 where I need to use the rights from the user that accesses the restservice. I am using impersonation for that…
Burrhus
  • 156
  • 6
0
votes
0 answers

Mongodb Kerberos Configuration Steps - Windows

I'm new to Mongodb and have the task of configuring it to use AD groups and Kerberos Authentication. I do not need a replica setup. I manage to create a myUserAdmins account with the SCRAM 256 Mechanism, but lost access to this account from cli as I…
Tech TC
  • 1
  • 1
0
votes
0 answers

SQL Linked Server issue with impersonation and constrained delegation

I am struggling with setting up a SQL Linked server on SQL2017 that uses impersonation with a windows domain account and Kerberos Constrained Delegation. I have 4 SQL nodes in a cluster and a linked server (the same config) on each node that points…
Jonny_Bravo
  • 88
  • 1
  • 1
  • 4
0
votes
1 answer

KRBError: KDC cannot accommodate requested option - when Constrained Delegation is Enabled

Having got an SSO solution fully working using Spnego/Kerberos within a Windows Tomcat environment which allows my windows domain user to be used to make a connection to an IBMi via JTOpen which then uses EIM to map my Windows user to an IBM user to…
Merlin
  • 1
1 2 3
8 9