Stack Overflow
Stack Overflow

Questions tagged [kerberos-delegation]

Kerberos Delegation is a feature that allows an application to reuse the end-user credentials to access resources hosted on a different server

Kerberos Delegation is a feature that allows an application to reuse the end-user credentials to access resources hosted on a different server. A common example is a web server passing the credentials of the client user to a database server behind it. Without Kerberos delegation in place, the client user credentials cannot be passed to the database server.

126 questions
0
votes
1 answer

HBase connection in mapreduce running from Oozie workflow fails

I am running my mapreduce job as java action from Oozie workflow . When i run my mapreduce in my hadoop cluster it runs successfully,but when i run use same jar from Oozie workflow it throw be This is my workflow .xml
Sudarshan kumar
  • 1,503
  • 4
  • 36
  • 83
0
votes
1 answer

Kerberos: Cross Domain/Realm Issue

I ran into an issue while I was helping a customer to configure SSO (with Kerberos) for our Software. But first, let's give you some context: As you can see in the attatched krb5.ini we want to do Cross Domain/Realm Kerberos and we have four…
hlpinform
  • 111
  • 8
0
votes
3 answers

Getting authentication delegation settings for an AD account from a non Domain controller with Powershell

I have admin rights on a machine connected to AD. But I don't have rights on the Domain Controller. With PowerShell is it possible to get all authentication delegation settings of an AD account from my admin machine? If possible how? What I mean as…
Baskar Lingam Ramachandran
  • 617
  • 9
  • 25
0
votes
2 answers

KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN. while connection to mongodb with GSSAPI

I have setup Active directory with kerberos authentication on windows server 2012 r2, set mongodb server on a 2nd machine. Started mongodb with GSSAPI authentication, Now if I try to connect to mongodb using the follwong url mongo.exe --host…
Rajesh Kumar
  • 1
  • 1
  • 1
0
votes
1 answer

Double Hop Issue

I am trying to solve double hop issue in my application. We need to have webserver ITSXXXXXXX trusted for delegation to the SQL Server machine ITXXXXXXX. I followed this article…
Anil kumar
  • 525
  • 2
  • 10
  • 32
0
votes
1 answer

Authenticator in Kerberos

When we try to connect to the Ticket granting server we have to create the authenticator and also send the service to which we are trying to connect. My question is do we manually create the authenticator and type in the service or is it an…
Raj Sharma
  • 21
  • 2
  • 8
0
votes
2 answers

kerberos ticket and delegation token usage in Hadoop Oozie shell action

I am new to hadoop and trying to understand why my oozie shell action is not taking the new ticket even after doing kinit. here is my scenario. I login using my ID "A", and have a kerberos ticket for my id. I submit oozie worklow with shell action…
Aandal
  • 51
  • 2
  • 11
0
votes
1 answer

Why is service principals needed for an application to secure itself and to authenticate others?

Currently I am configuring Hadoop to use MIT kerberos to secure its access. As part of it, we had to create few service principals dedicated to each service with the host name. But, I don't understand the use of service principal. Why/How does an…
kavig
  • 21
  • 3
0
votes
1 answer

IIS reverse proxy with windows authentication on same server getting access denied

I've viewed a few of the other IIS reverse proxy with windows authentication posts on here and they don't seem to be what I'm trying to do. Hopefully someone will be able to help or spot what I'm not doing or doing wrong. I've got a server which has…
padigan
  • 1,130
  • 1
  • 9
  • 22
0
votes
1 answer

delegation of authentication fails when opening web application from another network

I've been developing a web application calling an authenticated web service located on another server through the use of delegation of authentication and Kerberos. Everything is working fine when the user authenticates through a browser/desktop…
Rasputin
  • 70
  • 6
0
votes
0 answers

Kerberos Login using keytab without prompt for credentaials

I have done the following changes in the jaas.conf kblogininfo { com.sun.security.auth.module.Krb5LoginModule required storekey=true useKeyTab=true useTicketCache=true doNotPrompt=true …
mohit
  • 1
  • 2
0
votes
1 answer

What rights am I missing?

I'm trying to connect to IBM FileNet from my ASP.Net application using Kerberos. My AppPool is running under LocalSystem account. There is a "Trust computer for delegation" permission at AD. There is impersonation enabled at IIS for application. But…
Horosho
  • 647
  • 1
  • 8
  • 22
0
votes
0 answers

IIS Windows Authentication Token Passed to Second Server, Fails - Kerberos Double Hop?

We have developed a custom complied .net 4.0 dll library that that is deployed on a standard IIS server. The library is used by a vendor created application, Spotfire Web Player, which is run in its own Application Pool on the IIS server. The…
Jonathan
  • 3
  • 1
0
votes
1 answer

How do I get Kerberos to grant me access a file share from a PSSession?

I'd like to Enter-PSSession to server A and list the directory contents of a share on server B. I'd hoped to do this by setting Kerberos Constrained Delegation on server A's Active Directory properties to enable Kerberos Constrainted Delegation to…
chris king
  • 11
  • 2
0
votes
1 answer

Implementing Resource Based Constrained Delegation

I'm looking to implement Resource Based Constrained Delegation in C++, which is new to Windows Server 2012. Edit: Code for an IIS module that does this would also be great. Rather than being the classic KCD where an account is allowed to delegate…
Meir
  • 12,285
  • 19
  • 58
  • 70
1 2 3
8
9