kerberos

Why is kerberos defaulting to NTLM in WCF?

Got a simple WCF demo app that has two console projects--host and client. Both are running on my machine (win 7 box). I'm using the netTcpBinding, which uses windows authentication. The issue is that authentication is downgrading to NTLM from kerberos, and I can't figure out why. If I use <clientCredentials> <windows all...

How to know if the Kerberos ticket has expired

Hi, I have a client side application that uses Kerberos authentication to connect to remote service. When resetting the password for the SPN in ADSI without renewing the ticket, the authentication fails (of course). The question is, if there is a way to know in advance that the ticket is not valid\ expired. Thanks!! ...

Is there a way in Java or a command-line util to obtain a Kerberos ticket for a service using the native SSPI API?

Hi there, I want to implement Single Sign On with Kerberos in Java and have successfully managed to create a ticket for the Service using the ticket from the Windows logon. Unfortunately, I can only create that ticket when the Registry Key "allowtgtsessionkey" is enabled. I am receiving an exception with the message "Identifier doesn't ...

Get Current Logged in user name when Kerberos authentication is enabled in MOSS 2007

We have a site level feature which gets activated when a "My Site" is provisioned. This feature finds the current SharePoint logged-in user and changes the User Profile Picture URL property to the logged-in user. This works absolutely fine when we have NTLM authentication enabled. Scenario-1 When the Kerberos authentication is enable...

SQL Server - Timed Out Exception.

We are facing the SQL Timed out issue and I found that the Error event ID is either Event 5586 or 3355 (Unable to connect / Network Issue), also could see few other DB related error event ids (3351 & 3760 - Permission issues) reported at different times. What could be the reason? Any help would be appreciated. ...

How to enumerate all Kerberos tickets for objects in a specified AD organization unit

Hi, How can I list all cached Kerberos tickets, that are connected to objects in a specific active directory organization unit? Thanks! ...

Confusion about Kerberos, delegation and SPNs.

I'm trying to write a proof-of-concept application that performs Kerberos delegation. I've written all the code, and it seems to be working (I'm authenticating fine), but the resulting security context doesn't have the ISC_REQ_DELEGATE flag set. So I'm thinking that maybe one of the endpoints (client or server) is forbidden to delegate. Ho...

LsaCallAuthenticationPackage returns ERROR_INVALID_PARAMETER 87 (0x57) when trying to purge a specific ticket

Hi, I'm trying to purge a specific ticket from the cache, using LsaCallAuthenticationPackage. I always get ERROR_INVALID_PARAMETER 87 in the package status. What could be the reason? Here is my code (All other steps succeeded): KERB_QUERY_TKT_CACHE_REQUEST tktCacheRequest = { KerbQueryTicketCacheMessage}; void* pRep; DWORD ...

Configuring kerberos-sso-negotiate in multiple domains

Hi all, I have mycorp.com, ch1.mycorp.com, mycorp2.com domains (it is all Windows). I am configuring sso-kerberos-negotiate authentication. My server is running in mainaaa3.mycorp2.com, I have created spn "http:/mainaaa3.mycorp2.com" for it, and I have set trusts between domains, but if users from mycorp.com, ch1.mycorp.com domains that bro...

AcceptSecurityContext (Kerberos) returns SEC_E_LOGON_DENIED

Hi, I am trying to write a simple application that performs Kerberos authentication (no mutual authentication for now). The operating system is Windows server 2003, standard edition. I have setup Active directory and created an SPN using setspn tool. AcquireCredentialsHandle returns SEC_E_OK both on client and on server. InitializeSe...

Kerberos and/or other authentication systems - One time logon for all PHP scripts

I'm managing a set of web apps, almost exclusively written in PHP, and would like to find an authentication platform to build a role-based authorization system on top of. Also, I'd like the authentication system to be extensible to use for, for example, system services (SSH, etc.) Here are some of the main characteristics I'm looking fo...

how to force client(winform) application to use NTLM when calling web services

Hi, I have a winform application calling web services hosted in IIS, by default, the client app will use Kerberos for authentication to IIS, and it failed for some reasons. But the same app works fine at another PC (with different user login), and I found it is using NTLM by checking the IIS server event log. Is there any way we can cha...

kerberos ENC-TC

What is wrong with the heimdal configuration? kinit test test@REALM's Password: kinit: krb5_get_init_creds: No ENC-TS found An /etc/krb5.conf contains: default_tgs_enctypes = des-cbc-crc default_tkt_enctypes = des-cbc-crc default_etypes = des-cbc-crc default_etypes_des = des-cbc-crc fcc-mit-tick...

Kerberos - real world examples?

I know how Kerberos works and understand its purpose but I need some real world examples, where does it fit, and have you ever used it? ...

HTTP Negotiate windows vs. Unix server implementation using python-kerberos

I tried to implement a simple single-sign-on in my python web server. I have used the python-kerberos package which works nicely. I have tested it from my Linux box (authenticating against active directory) and it was without problem. However, when I tried to authenticate using Firefox from Windows machine (no special setup, just having ...

Adobe AIR - SharePoint Authentication using Kerberos

Hello StackOverflow Community, Can Adobe AIR use Integrated Windows Authentication (Kerberos) to authenticate from a user’s work station to SharePoint? Thanks, Mauricio ...

SQL Server 2008, Kerberos and SPN

Hi, I installed SQL Server 2008 on a Win XP SP2 workstation in a AD domain and configured to run with the "Network Service" account. In my error log I have the following message (Event ID:26037): The SQL Server Network Interface library could not register the Service Principal Name (SPN) for the SQL Server service. **Error: 0xd, stat...

Problem with SSPI/Kerberos authorization on windows service

Dear programmers! Today I have faced a serious problem, that I don't know how to approach. I'm trying to implement an authorization service, using SSPI/Kerberos. I'm testing it on my local computer. When I implement server side as a windows service application, authorization process is cycling, i.e. function InitializeSecurityContext i...

How do I query the available service connection points on a Windows server, as relates to SPN and Kerberos

I need to list the service connection points on various windows servers. Ex. When I set up Kerberos for Sql Server Analysis Services, the documentation says to use: Setspn.exe -S MSOLAPSvc.3/Fully_Qualified_domainName OLAP_Service_Startup_Account Apparently, however, Sql 2008 R2 may have incremented the MSOLAPSvc.3 to MSOLAPSvc.4, wh...

Help choosing authentication method

I need to choose an authentication method for an application installed and integrated in customers environment. There are two types of environments - windows and linux/unix. Application is user based, no web stuff, pure Java. The requirement is to authenticate users which will use my application against customer provided user base. Meani...