Questions tagged [kerberos]

Kerberos is a single sign-on (SSO) network authentication protocol designed to allow nodes, communicating over a non-secure network, to prove their identity to one another in a secure manner.

Kerberos is a single sign-on (SSO) network authentication protocol which uses symmetric cryptography and is defined in RFC 4120. Its design is based on usage of a trusted third-party (the key distribution center "KDC") which allows IP hosts to communicate over a non-secure network to prove their identity to one another in a secure manner. The PKINIT extension (RFC 4556) adds support for public-key cryptography.

Kerberos authentication in web browsers and HTTP clients is supported via the SPNEGO mechanism (RFC 4559). In other software, the GSS-API (RFC 4121) interface is commonly used to perform Kerberos authentication.

Kerberos supports one-time password (OTP) tokens for multi-factor authentication (RFC 6560).

See the Wikipedia article for more information.

3522 questions
1
vote
1 answer

Hbase Kerberos connection from Spark scala

I’m trying to connect to a kerberized secures Hbase cluster from a spark scala shell , below is my code and appreciate any help with the errors . I’m passing hdfs-site.xml, hbase-site.xml , core-site.xml and my keytab in the spark shell using —…
RData
  • 959
  • 1
  • 13
  • 33
1
vote
1 answer

Kerberos Double hop like issue - even when not using Windows Authentication

I have a Web application running under an app pool with Domain account Identity. The Web application is configured for "Anonymous Authentication". The web app connects using integrated security to a SQL server database (running on a different server…
kudlur
  • 1,215
  • 3
  • 15
  • 23
1
vote
1 answer

How to configure PHP on macOS to use Windows Authentication for SQL Server?

When I try to connect from PHP I get a PHP Fatal error: sqlsrv_connect: Unknown exception caught. in //testsql-plain.php on line 8 testsql-plain.php "; $connectionOptions = array( "Database" => "
Adam Michalik
  • 9,678
  • 13
  • 71
  • 102
1
vote
0 answers

solace hermesjms kerberos authentication

I am following this guide https://dev.solace.com/integration-guides/hermes-jms/ to use hermesJMS(downloaded via SOAPUI) with solace. In our organization we only use kerberos authentication for solace so my question is how do I setup kerberos auth…
Javadee
  • 139
  • 10
1
vote
0 answers

Connecting to Hive Metastore ( with Kerberos authentication) with Pyspark on Windows

I'm trying to connect to a Hive database with Kerberos authentication using Pyspark in Windows 10. So far I've done the following: (1) Set environment variables: SPARK_HOME = C:\spark HADOOP_HOME = C:\spark\hadoop Added C:\spark\bin to the…
1
vote
1 answer

reliable and platform-independent way of getting logged-in user in java

We need a java application to run on both solaris and windows machines and they are kerberized. We use JGSS to get the Princiapl corresponding to the logged-in user in Solaris, by specifying the loction of credential cache that is stored in…
Vikdor
  • 23,934
  • 10
  • 61
  • 84
1
vote
1 answer

.NET Desktop (Non-web) application using SAML 2.0 SSO with a Kerberos Token

I've been reading a lot about that, in order to implement this for a customer. I am 100% certain I am misunderstanding something, because things just don't make sense in my mind right now. Our customer wants to add, in an application we are making,…
Kaito Kid
  • 983
  • 4
  • 15
  • 34
1
vote
0 answers

Connect to kerberos secured hadoop cluster from docker running Flask

I have a docker container which has Flask application running. I want to use this API for connection. I am very new to Kerberos and I have very little practical knowledge on it. My host system will have a Kerberos client installed which can…
jashnb
  • 11
  • 2
1
vote
1 answer

Does Azure Data Lake Store support Kerberos/LDAP/SSO authentication?

Considering that Azure Data Lake Store uses Active Directory for Authentication(which is inherently using Kerberos and LDAP), is there a way to directly use Kerberos, LDAP or SSO for Authentication with ADLS. Scoured many documents including this…
Mkl Rjv
  • 6,815
  • 5
  • 29
  • 47
1
vote
0 answers

How to run Ansible with Kerberos in a Docker container?

My folder structure is like this: ansible |── inventory |── roles └── various ansible stuff Dockerfile krb5.conf I have set up Kerberos properly and can run all Ansible playbook on the machine with no problems. But some issues appear when…
1
vote
1 answer

API Connection using Python requests_kerberos

This is my first experience trying to connect to an API through python (from windows) using Kerberos authentication. I have been working on it for a few days and my progress has stalled. Here are just a few of the references I have been using: This…
Dr.Tautology
  • 416
  • 1
  • 8
  • 19
1
vote
4 answers

JavaKerberos authentication to SQL Server on Spark framework

I am trying to get a spark cluster to write to SQL server using JavaKerberos with Microsoft's JDBC driver (v7.0.0) (i.e., I specify integratedSecurity=true;authenticationScheme=JavaKerberos in the connection string) with credentials specified in a…
quarkonium
  • 322
  • 3
  • 13
1
vote
0 answers

Forward Keberos Ticket with Nginx

I would like to use nginx as a proxy to an application which authenticates with Kerberos. Is it possible to pass the keberos ticket through nginx to the reverse proxied application ? I was hoping for something like: proxy_set_header Authorization…
quasiben
  • 1,444
  • 1
  • 11
  • 19
1
vote
1 answer

Kerberos does not issue renewable tickets

I am trying to issue a renewable ticket for my principal using a keytab (MIT KDC, Red Hat 7.4): su - newuser kinit -r 7d -kt /etc/security/keytabs/newuser.service.keytab newuser/mask1.myhost.com@EXAMPLE.COM Looking at the flags: [newuser@mask1 ~]$…
Maxim Neaga
  • 921
  • 3
  • 17
  • 29
1
vote
0 answers

SSPI client requires less iterations than GSSAPI server

I'm using nsspi to call SSPI APIs from a C# application for the client side. I'm using cyrus sasl with a MIT Kerberos GSSAPI implementation on the server side. The two protocols seem to talk to each other but the server seems to require more…
Dean
  • 6,610
  • 6
  • 40
  • 90