Questions tagged [kerberos]

Kerberos is a single sign-on (SSO) network authentication protocol designed to allow nodes, communicating over a non-secure network, to prove their identity to one another in a secure manner.

Kerberos is a single sign-on (SSO) network authentication protocol that uses symmetric cryptography and is defined in RFC 4120. Its design relies on a trusted third party (the key distribution center, "KDC"), which allows IP hosts communicating over a non-secure network to prove their identity to one another in a secure manner. The PKINIT extension (RFC 4556) adds support for public-key cryptography.

Kerberos authentication in web browsers and HTTP clients is supported via the SPNEGO mechanism (RFC 4559). In other software, the GSS-API (RFC 4121) interface is commonly used to perform Kerberos authentication.

Kerberos supports one-time password (OTP) tokens for multi-factor authentication (RFC 6560).

See the Wikipedia article for more information.

3522 questions
30 votes, 4 answers

"Defective token detected" error (NTLM not Kerberos) with Kerberos/Spring Security/IE/Active Directory

We are having trouble getting Spring Security/Kerberos/AD to work for our web app. Our diagnosis is that our AD server is sending an NTLM token (we can tell as it starts with "TlRMTVNT.....") to IE and IE is then sending this to our application and…
Andrew Harmel-Law
30 votes, 1 answer

Getting IIS to impersonate the windows user to SQL server in an intranet environment

I am developing an intranet site using C# and ASP.NET MVC. I have SQL Server on one machine and IIS running on a separate machine. I would like a user to visit the intranet site and without prompting the user Internet Explorer sends the users…
oceanexplorer
28 votes, 4 answers

How to find if NTLM or Kerberos is used from WWW-Authenticate: Negotiate header

I am programming a client application in .Net that communicates with server via HTTP. I need to set different request buffering options in case of NTLM and Kerberos authorization. How to find out if NTLM or Kerberos is used? Is it possible to…
IT Hit WebDAV
28 votes, 1 answer

Should I call ugi.checkTGTAndReloginFromKeytab() before every action on hadoop?

In my server application I'm connecting to a Kerberos-secured Hadoop cluster from my Java application. I'm using various components like the HDFS file system, Oozie, Hive etc. On the application startup I do…
Jan Zyka
27 votes, 2 answers

mongodb kerberos peer dependency

Trying to install mongodb or mongoose globally results in a missing peer dependency for Kerberos Jamess-MacBook-Pro:ka2 jamessherry$ npm install -g mongodb /usr/local/lib └─┬ mongodb@2.0.48 └── UNMET PEER DEPENDENCY kerberos@~0.0 npm WARN…
user1775718
26 votes, 2 answers

Windows authentication in linux docker container

I am trying to use Windows authentication in a Linux Docker container under Kubernetes. I am following these settings: https://learn.microsoft.com/en-us/aspnet/core/security/authentication/windowsauth?view=aspnetcore-3.1&tabs=visual-studio#kestrel App…
Scholtz
26 votes, 3 answers

pass kinit a custom krb5.conf file

I'm using kinit to log into a server that my sys admin didn't anticipate us using. It seems that the default location for the config file is /etc/krb5.conf, but I don't have root access so I can't edit this file to add a new server. How can I pass…
Shep
25 votes, 10 answers

Cannot get Kerberos service ticket: KrbException: Server not found in Kerberos database (7)

I'm developing using the GSSAPI, and I have code which works with a vanilla MIT Kerberos 5 server to do some client/server work. I'm now verifying its functionality against Active Directory and I've hit an issue. I have my server authenticated and…
ohshazbot
24 votes, 2 answers

Skipping Kerberos authentication prompts with JSch

I am using the Connect() method in the Ssh Java class below in order to connect to a server using SSH (JSch) and running a command in the server. The problem is that when running Connect() the server prompts the next messages: Kerberos username…
Haritz
24 votes, 5 answers

npm install mongoose fails (kerberos and bson errors)

So I'm attempting to launch my node app, but there are a few errors arising from my MongoDB installation. Here are the specs for my dev environment: node => 0.10.33 (installed from nodejs.org) npm => 1.4.28 (installed from nodejs.org) git => 2.1.3…
Caleb Faruki
22 votes, 2 answers

Unattended install of krb5-user on Ubuntu 16.04

So, when running: sudo apt-get install krb5-user You are asked to enter the AD/LDAP domain. The problem is that I want this to be able to be run as a startup script for my machines. Is there any way to either pass the domain in as a parameter or…
user6907792
21 votes, 4 answers

What TargetName to use when calling InitializeSecurityContext (Negotiate)?

The Question When calling InitializeSecurityContext, what value do I pass to the TargetName parameter? Revised Background I'm calling the function InitializeSecurityContext: InitializeSecurityContextA( @pAS.hcred, //[in] credentials …
Ian Boyd
21 votes, 1 answer

How to implement Single Sign On using Spring and Active Directory

I have a Spring based Web App which I would like to implement a Single Sign On solution on. The basic flow would be: 1) User logs in into Windows Workstation/Desktop PC (authenticating against organisation's Active Directory) 2) User opens browser…
Lawrence Tierney
20 votes, 8 answers

Get current Windows user name within Silverlight

Is it possible to get the currently logged in user's username with Silverlight? You can assume that user has Windows OS and the Silverlight application is hosted in Internet Explorer. Getting the identity from server side with ASP.NET is not an…
huseyint
19 votes, 4 answers

Is there a way in Java or a command-line util to obtain a Kerberos ticket for a service using the native SSPI API?

I want to implement Single Sign On with Kerberos in Java and have successfully managed to create a ticket for the Service using the ticket from the Windows logon. Unfortunately, I can only create that ticket when the Registry Key…
user269667