kerberos

Using Kerberos & LDAP

How do I implement Integrated windows authentication using ASP.Net kerberos protocol & LDAP in IIS? ...

How do I get JNDIRealm in Tomcat to use Kerberos auth?

I am trying to run a tomcat JNDIRealm using using Kerberos for authentication (authentication="GSSAPI"). However, I'm getting this: SEVERE: Catalina.start: LifecycleException: Exception opening directory server connection: javax.naming.AuthenticationException: GSSAPI [Root exception is javax.security.sasl.SaslException: GSS init...

WCF Identity NTLM Kerberos

I have read numerous posts and articles about the element in client endpoints on a WCF client but I am still a little confused. I have a client which gets SSPI errors when attempting to communicate with a net tcp WCF service. However, when I add the following into the configuration it works fine <identity> <servicePrincipalName /> <...

Java and Kerberos authentication krb5.conf versus System.setProperty

Hello, Please help me on a kerberos+Java problem. I have a simple Java program to authenticate to a Windows Active Directory using Kerberos. The following java code works fine without any problems and prints true- public class KerberosAuthenticator { public static void main(String[] args) { String jaasConfigFilePath = "/myD...

Reload Kerberos config in JAVA without restarting JVM

Hello, The following code is for authenticating to a windows AD server using Java+Kerberos and it works fine- public class KerberosAuthenticator { public static void main(String[] args) { String jaasConfigFilePath = "/myDir/jaas.conf"; System.setProperty("java.security.auth.login.config", jaasConfigFilePath); String krb...

How to get LDAP search to use Kerberos ticket to avoid cleartext password.

I have a Tomcat configuration that uses Kerberos 5 to authenticate the user against AD server and then uses LDAP to obtain roles for authorization against a security-constraint. server.xml has this: <Realm className="org.apache.catalina.realm.JAASRealm" appName="vt-ldap" userClassNames="edu.vt.mid...

How to call a .NET web service with Kerberos (or NTLM) authentication from Oracle PL/SQL

We are calling a .NET web service from our oracle database using the sys.utl_http package. We have also tested with the sys.utl_dbws package. This works fine when there is no security on the .NET web service. However, we would like to use sys.utl_http or sys.utl_dbws to call a .NET web service with Kerberos or NTLM authentication. We'r...

Seamless SSO authenticating against Active Directory

I have a webpage that I only want a specific group to log into. I work at a college and we use Active Directory accounts and only a certain group can access this php page (on apache server). I know I can restrict access with some PHP code, but I want to accomplish seamless login. Everyone uses IE7 at work (which are configured to pass...

How to connection to an IIS website using Kerberos

Hi there, When i connect to one of our internal website and i look in the event viewer security tab I can see that the Authentication Package is NTLM What do i need to do so that the Authentication Package is kerberos? The website is an ASP.NET website with IIS 6 and uses windows authentication ...

If Kerberos Authentication fails,will it always fall back to NTLM?

I have gone through many blogs which are telling that if Kerberos fails then it automatically falls back to NTLM.Is it true? ...

Is it possible to integrate Kerberos authentication into Jetty 6?

We currently have an application that runs an embedded jetty 6.1.14 server to which we need to add authentication via Kerberos. I'm new to Kerberos, which makes the task about 100x harder that maybe it should be. I've scoured the internet and have found conflicting reports as to whether or not it is even possible but nothing much to pr...

krb-error 30 error code:KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN Server Name(Unknown) HTTP/Null

Hi I have searched many blog posts but could not get any solution. I have seen many posts with a similar kind of error but in their case Server Name: HTTP/Domain Name I was able to get ticket for the user to go to the server. But I really dont know why I am getting this kind of error with Server Name as null. The error is KRBError: ...

Using C# console app to call lists.asmx getting 'http request is unauthorized with clien tauthentication scheme 'ntlm'. The authentication header received from the server was 'Negotiate, NTLM'.

Environment: Kerberos turned on in QA & Production, not in Dev (stupid I know, but I don't admin any of the boxes) Hitting a sharepoint webservice to GET data from a sharepoint list (lists.asmx). Server uses ssl. I get an error message in my qa environment as follows (can't paste the stacktrace as it's in a picture only): System...

ASP.net kerberos dropping down to NTLM sporadically

Background (just the relevant pieces): We have a large intranet asp.net 2.0/3.5 app. Web servers are Windows Server 2003 on an AD domain. Clients are on Windows, IE 6-8. Windows Authentication, with a custom principal created from the Windows Identity. Web servers sit behind an F5 NLB which forwards the user to a specific web server. (T...

Kerberos, delegation and how to do this correctly?

I've got two separate homemade applications that need to communicate among themselves. One is a frontend application (asp.net actually), the other is a backend interface to an accounting application. The backend interface was not created specifically for this frontend - it is a generic interface that many other applications use to integr...

Configure WCF Client to Use Web Services Security Kerberos Token Profile 1.1

Morning, Does anyone know how to configure WCF (any binding type, we are currently using WSHttpBinding but am happy to move to a CustomBinding or alternative if necessary) to use Web Services Security Kerberos Token Profile 1.1 the details of which can be found here: http://www.oasis-open.org/committees/download.php/16788/wss-v1.1-s...

IE gets wrong Security Zone when accessing SSRS Reports

I have some machines that when accessing SSRS Reports show "Internet" or "Unknown Zone(Mixed) instead of "Local Intranet". Some user never report this problem, for others it appears consistent. These machines should be all setup the same. We access the SSRS reports with a url like http://test-intranet.xxx.com. Have checked the security s...

Why do I get a GSSException when using Active Directory SSO from Microsoft IE to a Java server?

I was building an Active Directory Single Sign-On authentication system for Java web applications (using SPNEGO/Kerberos), and everything works fine with either Firefox or (reportedly) Safari, but Internet Explorer causes an exception: GSSException: Channel binding mismatch (Mechanism level: ChannelBinding not provided!) In fact, I th...

How do I get a WSE 3.0 web service to impersonate my client's identity?

I have a WSE 3.0 based web service running in Windows Server 2003 under IIS 6.0. I want the web service process to impersonate the client user that sends the web service request, however the service is not impersonating the client. The web application has its own app pool, which is currently set to run under the Network Service identity...

What programs use GSS-API? Any decent sample programs?

I thought I wanted to use GSS-API, but now am not so sure, since I'm having a hard time finding good sample code for a trivial client/server pair. Sun has documentation including sample code, but it's written specifically for their GSS API implementation, using a few proprietary functions not in e.g. the GNU GSS-API (and for which it's ...