Questions tagged [kerberos-delegation]

Kerberos Delegation is a feature that allows an application to reuse the end-user credentials to access resources hosted on a different server. A common example is a web server passing the credentials of the client user to a database server behind it. Without Kerberos delegation in place, the client user credentials cannot be passed to the database server.

126 questions
0 votes, 1 answer

Kerberos: S4U2self ticket must be FORWARDABLE (Containerproxy)

I'm using ShinyProxy to implement Kerberos authentication for Shiny apps, with ticket delegation for an underlying database. So basically: User -> ShinyProxy/Shiny Apps -> Database. Login into Shiny using Kerberos works, however, ShinyProxy is unable…
Michel Jung
0 votes, 1 answer

Kerberos in Active Directory using SSO with constrained double-hop and impersonation fails to renew service ticket

Digging deeper into Kerberos constrained delegation already discussed in Client/Server app, how to create process on remote system as a domain user without transferring that users username/password to the remote system? support kerberos constrained…
0 votes, 1 answer

Delegation Error for Kerberos for Specific Windows Workstation

I am having a workstation-specific Kerberos issue and hope anyone here would have additional recommendations. Our application has an application server and web server and we have Kerberos configured on both the application layer and the web layer. And for…
Apoptosis
0 votes, 0 answers

how impersonate user on Azure sql using Kerberos delegation

Please help me with an Azure SQL Windows impersonation question. There is a three-tier application that uses impersonation on the service tier to connect to MS SQL as the user that has started the client application. A Kerberos ticket is used to impersonate…
oleksa
0 votes, 1 answer

Impersonated HTTP authentication working only on localhost

I'm dealing with supporting Windows authentication on an ASP.NET Web API and the client is C++. I have taken this sample code from Microsoft #include #include #include #pragma comment(lib, "winhttp.lib") DWORD…
0 votes, 2 answers

KrbException: S4U2self needs a FORWARDABLE ticket

I am trying to perform Kerberos constrained delegation through my Java code. I have a keytab file, an SPN attached to the user, and the delegation enabled for the SPN to that user. When I am trying to login with the keytab, I am getting the SPN's TGT.…
0 votes, 1 answer

NTLM Kerberos support for Identity server which set behind nginx server (not working for IE)

I have Identity Server 4, which resides behind an nginx proxy, and it supports Azure AD. Now if I SSO on https then it is not working for the IE browser but works properly in other browsers due to IWA/NTLM/Kerberos. So what change needs to be done in nginx to support…
0 votes, 1 answer

Kerberos delegation: GSSUtil.createSubject returns subject with principal name only

I am doing Kerberos delegation. I noticed that GSSUtil.createSubject(context.getSrcName(), clientCred) returns a Subject without having credentials in it. Prior to that I've done GSSCredential clientCred = context.getDelegCred(); which returns the…
0 votes, 1 answer

Cyrus SASL and the Kerberos TGT

With Kerberos, successful authentication using kinit results in a locally-cached TGT that will be used for authentication to Kerberized services. Typically, this TGT is valid for one day so that the user only needs to provide their credentials once…
Joshua Gevirtz
0 votes, 0 answers

Python kerberos double hop

I'm creating a Windows web service (REST) that is calling an app in a Python subprocess. I'd like to execute that app with the caller's credentials, i.e. implement impersonation with Kerberos in that service. I have read many articles but haven't found…
0 votes, 1 answer

Windows authentication between services in the same domain without Kerberos delegation

We have two intranet applications both hosted on the same domain, both hosted on IIS, both using Windows Authentication but hosted on DIFFERENT Windows 2008 servers. My goal is to have ASP.NET web application A call the service B. I also want A to…
0 votes, 1 answer

Double Hop when Linked Servers are on Same Server, Client on Diff Server?

I'm trying to solve a mystery. We have two SQL Server instances residing on the same server. SQL instance A is linked to SQL instance B. Connections are made using pass through authentication. The calling service is on a different server. No…
0 votes, 1 answer

Implementing ASP.Net impersonation/delegation to connect to remote SQL Server from ASP.Net server not working

I'm trying to set up impersonation/delegation for a web application using ASP.NET 4.5/SQL Server 2016. The goal is to use the Windows authentication on the web application and the SQL Server. I reproduced on Azure a setup similar to the one which…
0 votes, 1 answer

PowerShell Remoting, Second hop and delegation

I am looking for the most secure way to implement WinRM in situations where Second hop comes up. Specifically I want to run a script from an arbitrary but singular management machine, and initiate remote sessions on all workstations, using passed…
Gordon
0 votes, 1 answer

Realm and Domain syntax

I am trying to set up a tomcat server to use Kerberos authentication. This server is the base for the Spotfire Application server. I set up my krb5.config file like this: [libdefaults] default_realm = MYCOMPANY.COM default_keytab_name =…
Luis Garcia