Kerberos user authentication in Apache
Hi, can anybody recommend some really good resources for how to get Apache authenticating users with Kerberos. Background reading on Kerberos would also be useful Thanks Peter ...
kerberos
Kerberos Delegation for Clients Ouside the Firewall
I am trying to run a SQL Server Reporting Services where the data for the report is on a SQL Server database that's on a different server. Integrated Authentication is turned on for both the Report Server and the report. I have confirmed that Kerberos delegation is working fine by using Internet Explorer to run the report from inside t...
Difference between SSL and Kerberos authentication?
Hi! I am trying to understand what's the actual difference between SSL and Kerberos authentications, and why sometimes I have both SSL traffic and Kerberos. Or does Kerberos use SSL in any way? Anyone could help? Thank you! ...
Kerberos and T125 protocol
Why does Kerberos authentication use T125 protocol? I believe Kerberos authentication behaves this way: Client asks for a ticket to the Kerberos authority The Kerberos authority provides a Ticket to the client The Client tries to authenticate towards a Server and sends to the server this Ticket. The Server verifies the Ticket is OK wit...
gss_acquire_cred returning Key table entry not found error
I have been trying to follow the guidelines in this Microsoft article to authenticate against Apache with Kerberos and AD. I have successfully tested the communication between the apache server and the AD server with kinit. However when I attempt to access a restricted page on the server with IE I get an Internal server error and the fo...
IIS Returning Old User Names to my application
Here's my scenario. I created an application which uses Integrated Windows Authentication in order to work. In Application_AuthenticateRequest(), I use HttpContext.Current.User.Identity to get the current WindowsPrincipal of the user of my website. Now here's the funny part. Some of our users have recently gotten married, and their n...
bind Linux to Active Directory using kerberos
We are trying to bind a Linux machine (debian 4.0) to W2k3 AD. We have configured kerberos properly so that we can get TGTs. And users authenticate properly. However, PAM seems to be the sticky wicket. For example when we try to SSH to the linux machine as one of the AD users, the authentication succeeds (as per the auth.log) but I n...
Do I need to set up Kerberos to use Replication in SQL Server 2005?
I want to setup replication on three SQL servers and one is not configured for Kerberos. (The SPNs are not setup yet) Do I need Kerberos and Pass-through delegation working to use replication in SQL Server 2005? ...
How do I reload kerberos configuration under tomcat ?
My application runs under tomcat. It is using GSS API (JNDI) to connect to Active Directory LDAP Server using Kerberos. It allows the user to define AD servers and try to connect to them. However, once the first Kerberos using connect attempt is done, the application does not read Kerberos configuration again (/etc/krb5.conf). Hence, any...
Can I use two Kerberos Keytabs from a single host?
My application enables defining several LDAP servers to work with. One might want to define Kerberos access to more than one LDAP server. Can it be done? Can a single host juggle between Active Directory servers with Kerberos as the connection method? ...
How do I call a Sharepoint Webservice from a c# client using Kerberos authentication ?
Hi We have developed a webservice that sits and runs in the context of a sharepoint site. This works fine using normal windows authentication. We now have a client who wants to install this on a Kerberos enabled sharepoint site. What changes would we need to make to either the webserivce, the calling client (a windows service) or both...
Generate kerberos ticket using .NET
I want to generate a Kerberos ticket using .NET with auth credentials supplied through a login form on a web page (this will authenticate user against in a sql db) and then use this ticket to authenticate the user as a single sign on across several other web apps. Is this possible? I have had a look at WSE and it seems to assume you alr...
Why does my web part throw an error about "NT Authority/Anonymous User"?
My Sharepoint 2007 web part executes code to start a K2 workflow process. The workflow server resides on another server. When my code executes, I get the following error: "24408 K2:NT AUTHORITY\ANONYMOUS LOGON from 172.172.172.172:1721 does not have rights to Start Process MyProject\MyProcessName" I'm sure this is a general IIS delegat...
SSH hangs on Mac Book Pro; AFS and Network Preferences?
I am having an issue with SSH hanging on my Mac Book Pro. This only happens to me once I get home from work after I have used SSH while at work. The three factors I have narrowed the issue down to are SSH, our work AFS network drive and the method of network connectivity. At work we use an AFS drive with Kerberos Authentication to do al...
Testing that a website is using Kerberos authentication
How do you go about checking that an IIS website is successfully using Kerberos and not falling back on NTLM? ...
Tomcat authentication using SPNEGO/Kerberos and delegation
Is there an apache module that implements Kerberos authentication for use by Tomcat and also supports Kerberos delegation? I've already looked at mod_spnego and it throws away the SSPI context it creates only keeping the principal name. Instead, I'm looking for a module that would allow for the delegation of the ticket sent to Tomcat -...
How can i start a console application using the 'network service' account
Hello, I have a console application that i would like to run as 'NT AUTHORITY\NetworkService', but i cant remember how to do so - the only reason is that i will be hosting my service in a windows service, but for kerberos authentication testing i want to use the spn that is already at the domain (it does have delegation enabled) In sho...
How to obtain a kerberos service ticket via GSS-API?
Does anyone know how to get a service ticket from the Key Distribution Center (KDC) using the Java GSS-API? I have a thick-client-application that first authenticates via JAAS using the Krb5LoginModule to fetch the TGT from the ticket cache (background: Windows e.g. uses a kerberos implementation and stores the ticket granting ticket in...
Kerberos Authentification in PHP
Let's just assume that I don't know much about Kerberos - just the basics. I have... Debian Linux 2.6 Webserver Apache 2.2 mod_auth_kerb/5.3 PHP/5.2 a (working) Kerberos Realm Windows Client Firefox 3 an logged in identity "[email protected]" in MIT Network Identity Manager How do I use this information in a PHP script so that...
How do I interact with a kerberos server from my own application
My network has a kerberos server for username/password authentication. Machines that run my application have functioning kerberos clients, so users can use kinit, etc. How do I interact with the server programatically, from my own custom applications? The preferred language for an example is C. I want users of my application to authen...