kerberos

Query/Change SPNs on Windows Domain without SetSPN

Hi All, Has anyone had any luck with querying/changing SPNs on a Windows domain? Most of the hits on Google are SQL related: I can't find any information on how to do this myself. The most important things would be to query the SPN configuration and check for duplicates. According to Arnout I made the following code: static void Ma...

How can I edit Kerberos 5 configuration files with Perl?

Has anyone come across a Perl module that will parse (and write) Kerberos configuration files (i.e. /etc/krb5.conf)? I have looked at quite a few parsing modules like Config::General, Config::Auto, etc., but none seem to be able to handle nested structures like the following: pam = { debug = false ticket_lifetime = 36000 renew_lifet...

The process that must occur between the client and servers, Kerberos authentication.

I'm trying to learn and understand Kerberos. I need to understand the process that must occur between the client and server (Windows and non-Windows platforms) to enable Kerberos authentication. Looking for some help to explain the process better. Thank you ...

Is a service principal name (SPN) bound to a specific machine?

At the moment I am getting a KrbException: Integrity check on decrypted field failed (31) with my GSS demo application (on the server side). Now I am looking for the reason for this. I have the suspicion that it comes from the fact that the client and the server application run on the same machine (localhost) and/or the SPN was genera...

Can I indicate to clients that SPNEGO is supported but NTLM is not for HTTP requests?

The two WWW-Authenticate additions Microsoft makes use of that I am currently aware of are NTLM Negotiate If Negotiate is sent down from the server, based on a set of conditions Kerberos will be used Intranet Zone Accessing the server using a Hostname rather than IP Integrated Windows Authentication in IE is enabled, the host is tr...

Is an SPN required when using Kerberos with DCOM?

I'm using DCOM to provide various application services on a Windows network, using Kerberos to handle authentication. The system normally works fine, but I'm running into issues accessing the service from a separate (trusted) domain. Particularly, the service is unable to make callbacks to the client application, receiving the error "A s...

Configure Tomcat for AD Kerberos + Impersonating

I would like to configure Tomcat to use Kerberos authentication against Active Directory, but also to use Impersonating (i.e. the Java's worker thread should be running under the credentials of the authenticated user, so that I can then call some SharePoint webservices and pass them the Kerberos ticket with the delegation right) ...

Kerberos authentication with python

Hi, I need to write a script in python to check a webpage, which is protected by kerberos. Is there any possibility to do this from within python and how? The script is going to be deployed on a linux environment with python 2.4.something installed. dertoni ...

How to use LDAP credentials offline?

I would like to use an LDAP server (probably Apache directory) to manage logins and credentials for an application. From time to time the application needs to work offline (on a laptop) without a connection to the LDAP server. What is the best way to replicate the credentials locally? I have already thought about: Using Mitosis to rep...

Access a SharePoint website from a java Application with Kerberos authentication

I am trying to access a SharePoint website from a java Application. The SharePoint server prefers Kerberos authentication. Can you please provide an example for just the implementation of Kerberos authentication? ...

configuring kerberos with racoon IPsec

Does anyone know how to configure kerberos in racoon and establish an IPsec connection between two machines? Any link related to this is also useful. Thanks. Anandan ...

Use an existing KerberosTicket to Bind to Ldap and search for user's attributes.

Is there a way in Java to query Active Directory for a user's attributes given an existing javax.security.auth.kerberos.KerberosTicket that was forwarded to my code? I know I want to use Ldap to do the search but I am confused on how to use this KerberosTicket object to Bind to ldap. Currently I am using Spring-Ldap and Spring-Security to...

How can I set up ssh via kerberos on MacOS 10.5 (Leopard)?

I am the de facto mac sysadmin for a few mac labs on a campus that is primarily Windows, and we have the Macs configured to do single login via Kerberos and get their directory info via LDAP and NFS. This works fine for someone physically sitting at the machine, but I am running into a brick wall when it comes to sshing into these machi...

Why is Kerberos programming so frustratingly difficult?

I have implemented an application a few years ago using both kerberos functions and GSSAPI to authenticate to a kerberos server but when I look back at the code, it always took time to understand what those calls do (I think I need to put comments on my comments). What is the best way to understand how kerberos works and how to effecti...

Brokered Kerberos web service security over the Internet

Is it possible to use Brokered Kerberos Authentication for web services over the Internet? I'm looking at web services security for an environment which already has Active Directory. Due to the existing architecture the web services will be quite chatty and I have no control over this architecture. It may take up to 6 web service call...

JAAS Authentication to Windows Domain

Using a provided username, password, and domain name, how can I retrieve a boolean value indicating if a user has successfully authenticated with a primary domain controller? Authentication should be performed using the Kerberos protocol for windows domain controllers. Thanks in advance, Dan ...

Configure Firefox 3.0.x to authenticate with Kerberos and not prompt

I have an Intranet http application running on several machines in our Windows domain; everything works when using IE 7 because I can configure it to use Kerberos authentication and I've figured out how to get one of the intermediate machines to be Trusted for Delegation. I have researched and tried to get Firefox 3.0.10 to use Kerbero...

Is using Kerberos to authenticate to web sites and web services a good idea?

Through acquisition we have a number of products that require authentication and authorisation. The products include web sites and client side applications, the client side applications use some web services. We are a .Net shop and servers will be running Server 2008, clients will be running XP SP?? and later. Users of the products are ...

What are the perceived/actual advantages of Kerberos? Are there any viable alternatives to the technology?

We are planning on utilising kerberos in our architecture. I would like to know what perceived or actual advantages this technology has, and if there are any alternatives. Note that we have a .net client side and java server side. Communication will be via messaging bus and SOA ...

Disable IE prompt for kerberos

Thought I will try my luck here. Have tried virtually every solution I could find out there including previous related questions in SO. I am at my wits' end. For our Intranet site, our German users always get a security prompt. For all others, it works fine. The IE settings are the same for everyone. Any good solution pointing me in the ri...