Questions tagged [kerberos]

Kerberos is a single sign-on (SSO) network authentication protocol designed to allow nodes, communicating over a non-secure network, to prove their identity to one another in a secure manner.

Kerberos is a single sign-on (SSO) network authentication protocol which uses symmetric cryptography and is defined in RFC 4120. Its design is based on usage of a trusted third-party (the key distribution center "KDC") which allows IP hosts to communicate over a non-secure network to prove their identity to one another in a secure manner. The PKINIT extension (RFC 4556) adds support for public-key cryptography.

Kerberos authentication in web browsers and HTTP clients is supported via the SPNEGO mechanism (RFC 4559). In other software, the GSS-API (RFC 4121) interface is commonly used to perform Kerberos authentication.

Kerberos supports one-time password (OTP) tokens for multi-factor authentication (RFC 6560).

See the Wikipedia article for more information.

3522 questions

vote

0 answers

Spring boot microservice- Kafka Kerberos - krb5 and jaas config files in PCF - deployment in PCF

Working on Kafka with Kerberos authentication. For running from eclipse/commandd, setting vm arguments with config files. I want to know how can deploy this in PCF with VM arguments. I could see some valid answer here. but I need detail answer with…

asked Dec 20 '18 at 17:51

Jai

vote

0 answers

SoapUI SSO using Kerberos

I've been trying to use Single Sign On Kerberos through SoapUI (version 5.2.1). I've been through a lot of forums and topics about it and I can't seem to find any successful solution. I'm kind of new to soapUI and I'm finally coming here to find…

single-sign-on soapui kerberos

asked Dec 13 '18 at 10:05

mdombret

vote

0 answers

Logstash: HTTPS Connection to WebHDFS

I am facing issues with WebHDFS. My organization uses WebHDFS on port 50470, which is both "kerberized" and requires HTTPS. After following the thread in https://github.com/elastic/logstash/issues/8791, and overcoming the Kerberos issue, I am still…

https hdfs logstash kerberos webhdfs

asked Dec 12 '18 at 08:57

chaooder

1,358
1
17
37

vote

0 answers

InitializeSecurityContext: The specified target is unknown or unreachable

Overall goal: I'm trying to authenticate to Active Directory over LDAP with Kerberos on Windows. Due to dependencies, I'm unable to use python-ldap or python-gssapi, so I'm using ldap3 with the patch found in this answer to use Kerberos (by way of…

python python-3.x active-directory ldap kerberos

asked Dec 05 '18 at 19:03

Maximilian Burszley

18,243
4
34
63

vote

1 answer

PyHive with Kerberos throws Authentication error after few calls

I am trying to connect to Hive using Python (PyHive Lib) to read some data and then I further connects it to hive Flask to show in Dashboard. It all works fine for few calls to hive, however soon after that I am getting following error. Traceback…

python hive kerberos pyhive

asked Dec 04 '18 at 17:18

Gaurang Shah

11,764
9
74
137

vote

0 answers

Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. despite SPN registration being successful

I have 3 servers: Server1 - Remote Server Server2 - SQL Server Server3 - SQL Server The SQL Service on both SQL Servers run as a domain user, and I have checked the logs and can confirm they are both SPN registered. On Server2 I can run locally…

kerberos sql-server-2016 linked-server

asked Dec 04 '18 at 12:33

Jeffrey

2,095
3
20
36

vote

1 answer

Symfony app and API on same Apache virtual host

I work on a legacy PHP application powered by Symfony v3 on Apache 2.4. This app is secured by a Kerberos authentication. My Apache VirtualHost looks like : Listen 80 DocumentRoot "/var/www/app" AuthType Kerberos …

php apache symfony virtualhost kerberos

asked Dec 03 '18 at 17:32

RadicalDingos

vote

1 answer

Kerberos JAAS with Service name

I'm trying to set up Zookeeper / Kafka Kerberos authentication but my keytab were created in an interesting way: ktpass -princ zookeeper/hostname@TEST -mapuser zookeeper -mapOp add -Target TEST so it turns out I can do this kinit…

security apache-kafka apache-zookeeper kerberos sasl

asked Dec 03 '18 at 12:34

Stephane Maarek

5,202
9
46
87

vote

1 answer

Hadoop - failed to specify server's Kerberos principal name

Error - Failed to specify server's Kerberos principal name I am trying to setup a Hadoop cluster using Kerberos. I managed to get the cluster working with Spark and Yarn before starting the Kerberos configuration. Currently my master and three nodes…

hadoop hadoop-yarn kerberos

asked Nov 26 '18 at 15:31

user10347849

vote

1 answer

Oozie Spark HBase job, invalid credentials exception

i do have an issue with Kerberos credentials. This work is based on a cluster and the keytabs are provided on each datanode. Basically it is an oozie workflow shell action, and it's purpose is to write to HBase by a spark job. If the job is run on…

apache-spark hbase kerberos oozie-workflow

asked Nov 26 '18 at 15:24

Ardian Koltraka

vote

2 answers

Transiently kerberos authentication failure with Kafka client application

I am using latest version of kafka and facing issue transiently in connecting my consumer/producer (console) clients to kafka broker over SASL_PLAINTEXT. This is my jaas configuration file KafkaClient { …

authentication apache-kafka kerberos jaas

asked Nov 20 '18 at 10:29

learner

1,952
7
33
62

vote

0 answers

Connect to multiple Kafka servers using springboot

In Spring boot application, I want to connect to 2 different kafka servers simultaneously. I am using KafkaAdmin and AdminClient to make the connection and perform CRUD Operations. @Bean public KafkaAdmin kafkaAdmin() { Map

java apache-kafka kerberos spring-kafka

asked Nov 20 '18 at 05:46

anuj trehan

vote

2 answers

Why does a client machine need a kerberos service principal

I'm trying to understand Kerberos and getting confused with the service principals. Assume I wanna access a NFS share secured by Kerberos. I have the following three different nodes: A Client machine (with a user called test) KDC (AS/TGS) NFS…

kerberos mit-kerberos

asked Nov 18 '18 at 12:53

supercoast

vote

1 answer

kpasswd - Cannot contact any KDC for requested realm changing password

After kinit user1 successfully I tried to change passwd with kpasswd user1 $ kpasswd user1 Password for user1@EXAMPLE.COMN: Enter new password: Enter it again: kpasswd: Cannot contact any KDC for requested realm changing password How can I debug…

kerberos

asked Nov 15 '18 at 03:08

ruseel

1,578
2
21
41

vote

0 answers

Is it possible to determine HOW a user authenticated by inspecting Kerberos packets?

Right now I'm seeing that password authentications are lacking a certificate in the PADATA field and that smart cards have a certificate that can be decoded. However, is there a more detailed way to determine how a user authenticated? Biometric,…

authentication kerberos smartcard

asked Nov 09 '18 at 22:12

ChopperCharles

Prev 1 2 3

…

99 100 Next