kerberos

Possible to use Kerberos Token Profile via WCF over SSL?

The examples everywhere show how to do Kerberos Token Profile 1.1 via WCF, however it uses Message security. In fact, the WCF implementation defaults to sign+encrypt. I have a requirement of using SSL, and instead using KTP for authentication and signing, and NOT encrypting. If I change the mode to TransportWithMessageCredential, it no ...

Single Sign On (SSO) from Firefox on Ubuntu

I am trying to get single sign on working from Firefox version 3.6.6 running on Ubuntu 10.04 LTS Lucid Lynx to IIS 7 on Windows Server 2008. If I type kinit then kinit -S HTTP/mydomain.com the resulting in a klist that looks like this Ticket cache: FILE:/tmp/krb5cc_2040529396 Default principal: [email protected] Valid s...

Attacking synchronized clock protocol (Kerberos)

If we assume that an attacker is able to control the clock of Alice, Bob, and the KDC (key distribution center) how could the attacker attack the Kerberos protocol? ...

Why does the Kerberos protocol not feature perfect forward secrecy?

Why does the Kerberos protocol not feature perfect forward secrecy? ...

Git authentication over apache_mod_krb

I'm using git repo with git-http-backend. In apache2 I have location what needs authentication for clone and push actions. When I protected it location with AuthType Basic all works is fine, git passes authentication and can clone and push, but if I change type to KerberosV5 git can't access to repo with correctly credentials. If I'm us...

Kerberos on Java to connect to C# server

I have been introduced to a system with a C# client and server where the client connects using information set up by service reference. Basically I need to make the C# client, but with Java. It needs to still connect to the C# server, which uses authentication via Kerberos Service Principal Name. The tutorials that I have looked at aren...

PHP on Windows: How to use web services with the logged on user's identity?

Hello, I have a Windows 2008R2 based intranet server running a PHP based intranet application in IIS. We want to improve the intranet now and integrate data from external systems, for instance data retrieved from the Exchange web services or information from a Sharepoint webservice. Log in for the users with their windows credentials wo...

Connecting to Microsoft Analysis Services cube with double hop windows authentication

Hi I'm trying to enforce windows authentication for users of a .Net application on Web Server to access a cube on a Microsoft Analysis Services database on SSAS and just going nuts trying to get it to work! I am using <identity impersonate="true" /> in the web.config. Anonymous access is turned off in IIS and Integrated Windows Authen...

Windows support of native GSS-API in Java 6.

From http://java.sun.com/developer/technicalArticles/J2SE/security/#3: Note: These two system properties are ignored when applications run on operating systems that do not yet support this feature, for example, MS Windows. That document is from 2006, so things could have changed but I've not found a definitive answer. I wo...

how to ensure that our site authenticates with kerberos

I am working with HttpWebRequest in dotnet. I am using delegation (impersonation) to do this, request.Credentials = CredentialCache.DefaultCredentials; request.ImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Delegation; in webconfig file identity impersonate="true" for Impersonation Kerberos is required... So ...

Devise ignoring custom strategy

This is just plain weird. I've got Rails 3 RC running with Devise installed. I've defined a custom strategy to try and use Kerberos for authentication. module Devise module Strategies class Kerb < Devise::Strategies::Base def valid? params[:username] || params[:password] end def authenticate! ...

Cannot open database "our database" requested by the login. The login failed. Login failed for user 'ADUser'

We are rolling out our first .net 4.0 entity framework application and are having an issue with security. We have it working on our alpha site inside our development environment with the following setup: SQL2005 IIS6 .NET 4.0 asp.net mvc 2 Entity Framework NTLM But when we moved it to our production environment for beta testing we ...

Force silverlight to authenticate as current user by default

Is it possible to force a silverlight browser application to use the current authenticated user by default? I want to avoid the first request where the IIS responds with 401.2. So, instead of having two requests where only the second is useful, I want to have only one request. I see this happening both with NTLM and Kerberos. Regards, ...

Kerberos Authentication with WCF customBinding

Hello Sir, I am using an ASMX web service and creating a WCF Client for the service with customBinding. In the customBinding security section, I am using the authenticationMode as "KerberosOverTransport" and using HTTP as Transport medium. Please see the below code. <customBinding> <binding name="Service1Soap" closeTimeout="00:01:0...

Android authenticating with Kerberos

Hi Everyone, I am trying to create a Android application that uses an existing web service. However, the existing web service uses Kerberos for authentication and I am having trouble getting Android using the android-xmlrpc library to authenticate with the service. If anyone has any experience with this, please respond. I am completely...

Using SSPI to get SSO from Java application running on Windows

I have a Java application running on Windows that needs to authenticate to a webapp using Kerberos/SPNEGO. I'm aware of how to configure JAAS to achieve this, but I find the Java (JDK6 and JDK7beta) Kerberos implementation to be lacking a couple important features I need. For example, support for referrals or using the DNS to figure ou...

How do I get a token needed for DFS Kerberos authentication?

I'm trying to write a client for consuming DFS (Documentum Foundation Services) and trying to use kerberos for single sign-on. In both Java and C# sample code (productivity layer) that comes with the documentation, the line that gets the Kerberos binary token is given as byte[] ticket = ... I'm not sure how to actually get the bi...

How to change kerberos passwords in Java

Hello, I have to admin kerberos users directly in Java (J2EE web-app). How can I do the equivalent to kpasswd (or kadmin) command with/without extra lib? I found a few commercial APIs but they are very expensive... Thank you for your help ...

How to write code that calls a WCF service and falls back from Kerberos to NTLM if needed?

I need to call a WCF service programmatically. The service may be hosted with either NTLM or Kerberos authentication and needs to work under either. That is, if connecting to the service via Kerberos fails, then it should fall back to NTLM. Here's the code I'm using for Kerberos auth (if relevant, the service is hosted in SharePoint 201...

ASP.NET HttpWebRequest with Kerberos Authentication

I am trying to connect to a web service that uses Kerberos Authentication to authorize the user, but all I get is a 401 unauthorized everytime I try to make the request. Below is the code that I am using. Thanks in advance for any help you can provide! public XPathNavigator GSASearch(string url, string searchString) { Ht...