Questions tagged [kerberos]

Kerberos is a single sign-on (SSO) network authentication protocol designed to allow nodes, communicating over a non-secure network, to prove their identity to one another in a secure manner.

Kerberos is a single sign-on (SSO) network authentication protocol which uses symmetric cryptography and is defined in RFC 4120. Its design is based on usage of a trusted third-party (the key distribution center "KDC") which allows IP hosts to communicate over a non-secure network to prove their identity to one another in a secure manner. The PKINIT extension (RFC 4556) adds support for public-key cryptography.

Kerberos authentication in web browsers and HTTP clients is supported via the SPNEGO mechanism (RFC 4559). In other software, the GSS-API (RFC 4121) interface is commonly used to perform Kerberos authentication.

Kerberos supports one-time password (OTP) tokens for multi-factor authentication (RFC 6560).

See the Wikipedia article for more information.

3522 questions

137

votes

52 answers

The target principal name is incorrect. Cannot generate SSPI context

I am struggling to get a SQL Server connection from machine A to machine B which is running the SQL Server. I have Googled extensively and all the things I have found have not worked. Nor do they lead you step by step through the process of solving…

asked Aug 31 '15 at 11:13

TheEdge

9,291
15
67
135

votes

5 answers

How do I get JSON data from RESTful service using Python?

Is there any standard way of getting JSON data from RESTful service using Python? I need to use kerberos for authentication. some snippet would help.

python json rest kerberos

asked Oct 13 '11 at 07:07

Bala

4,427
6
26
29

votes

3 answers

Security & Authentication: SSL vs SASL

My understanding is that SSL combines an encryption algorithm (like AES, DES, etc.) with a key exchange method (like Diffie-Hellman) to provide secure encryption and identification services between two endpoints on an un-secure network (like the…

encryption ssl md5 kerberos sasl

asked Jul 05 '12 at 15:13

IAmYourFaja

55,468
181
466
756

votes

9 answers

Difference between SSL and Kerberos authentication?

I am trying to understand what's the actual difference between SSL and Kerberos authentications, and why sometimes I have both SSL traffic and Kerberos. Or does Kerberos use SSL in any way? Anyone could help? Thank you!

ssl kerberos traffic netmon

asked Sep 21 '08 at 16:44

Layla

4,175
7
26
20

votes

4 answers

SFTP connection through Java asking for weird authentication

So I'm writing a little program that needs to connect to a remote server through SFTP, pull down a file, and then processes the file. I came across JSch through some answers here and it looked perfect for the task. So far, easy to use and I've got…

java sftp kerberos jsch

asked Jun 04 '12 at 13:14

cardician

2,451
3
26
36

votes

9 answers

Simple Kerberos client in Java?

Applications such a Google's Chrome and IE can transparently handle Kerberos authentication; however I can not find a "simple" Java solution to match this transparency. All of the solutions I have found require the presence of a krb5.conf file and a…

java kerberos

asked Apr 27 '11 at 12:44

Andrew White

52,720
19
113
137

votes

6 answers

Kerberos kinit enter password without prompt

I was looking at this: http://docs.oracle.com/javase/7/docs/technotes/tools/windows/kinit.html and noticed that it says I could use the "password flag". I am not sure how to do this though? Can I enter the password for kinit without it prompting…

macos kerberos

asked Nov 15 '11 at 23:25

user754905

1,799
3
21
29

votes

3 answers

When using --negotiate with curl, is a keytab file required?

The documentation describing how to connect to a kerberos secured endpoint shows the following: curl -i --negotiate -u : "http://:/webhdfs/v1/?op=..." The -u flag has to be provided but is ignored by curl. Does the --negotiate…

hadoop curl kerberos webhdfs keytab

asked Jul 21 '16 at 16:39

Chris Snow

23,813
35
144
309

votes

0 answers

How to use gssapi kerberos in c / c++ client server cross-platform programs?

I had to "sporadically" work with Heimdal / MIT Gssapi for kerberos authentication over past couple of years. I had to build an application that was to be used as a web-service running on a Linux box, and serve client applications like browsers,…

c++ c linux kerberos gssapi

asked Jan 13 '14 at 11:11

mdk

6,225
1
25
30

votes

1 answer

What is a keytab exactly?

I am trying to understand how Kerberos works and so came across this file called Keytab which, I believe, is used for authentication to the KDC server. Just like every user and service(say Hadoop) in a kerberos realm has a service principal, does…

security hadoop authentication kerberos keytab

asked May 09 '17 at 07:04

white-hawk-73

votes

2 answers

How can I fix the Kerberos double-hop issue?

I'm having some trouble calling a web service from within a web application and I was hoping someone here might be able to help. From what I can tell, this seems to have something to do with the Kerberos double-hop issue. However, if it is, I'm not…

asp.net wcf impersonation kerberos

asked Feb 18 '13 at 01:51

Steve Platz

2,215
5
28
27

votes

2 answers

Lifetime of Kerberos tickets

I have started with configuring kerberos. Can anyone explain the ticket lifetime and renew lifetime we set in the krb5.conf file. ticket_lifetime = 2d renew_lifetime = 7d Is it like After 2 days client will get the new renewed ticket ? After 7…

kerberos

asked Feb 04 '13 at 07:28

saiyan

votes

2 answers

Secure this invaluable documentation on using C/C++ with GSSAPI and SASL

I have been working on using GSSAPI in c/c++ applications, for some time now. Obviously I had to google and research a lot. One of the most interesting documentation I discovered was on Sun's old web-site. After Oracle took over Sun, the old…

c++ c kerberos sasl gssapi

asked May 03 '12 at 12:30

mdk

6,225
1
25
30

votes

3 answers

How to connect with Java into Active Directory

I am using Weblogic, Ejb3.0. Java 1.6 I need to access Active Directory via Java code. I read about several ways (Kerberos, LDAP) Anyone could advice me on comfortable way of doing so? where could I have some full code examples, thanks, ray.

java jakarta-ee active-directory ldap kerberos

asked Dec 18 '11 at 12:49

rayman

20,786
45
148
246

votes

8 answers

IIS Returning Old User Names to my application

Here's my scenario. I created an application which uses Integrated Windows Authentication in order to work. In Application_AuthenticateRequest(), I use HttpContext.Current.User.Identity to get the current WindowsPrincipal of the user of my…

asp.net security iis authentication kerberos

asked Oct 03 '08 at 21:15

Dave Markle

95,573
20
147
170

2 3

…

99 100 Next