Stack Overflow
Stack Overflow

Questions tagged [kerberos-delegation]

Kerberos Delegation is a feature that allows an application to reuse the end-user credentials to access resources hosted on a different server

Kerberos Delegation is a feature that allows an application to reuse the end-user credentials to access resources hosted on a different server. A common example is a web server passing the credentials of the client user to a database server behind it. Without Kerberos delegation in place, the client user credentials cannot be passed to the database server.

126 questions
8
votes
2 answers

Ansible playbook, what is the proper syntax to run a powershell script with a specific (domain) user, in an elevated mode?

running Ansible 2.4.2 in an offline environment, using kerberos to authenticate, Via an ansible playbook, what is the proper syntax to run a powershell script with a specific (domain) user: DOMAIN\someuser, in an elevated mode? By elevated mode I…
Nahshon paz
  • 4,005
  • 2
  • 21
  • 32
7
votes
1 answer

SSPI sql access fails in remote powershell request due to double-hop failure, constrained delegation

We are trying to run an automated install from serverA on remote serverB which needs to talk to sql serverC using windows authentication. Invoke-Command -ComputerName serverB -ScriptBlock { $conn = new-object System.Data.SqlClient.SqlConnection…
Justin
  • 1,303
  • 15
  • 30
6
votes
1 answer

Connect to SAP HANA DB using jdbc and Kerberos Delegation

Is it possible to connect to SAP HANA DB from my java application using jdbc and Kerberos Delegation? Now I can create jdbc connection to SAP HANA DB without input db login and password, using only windows login. For this I set Kerberos External ID…
Alexander
  • 481
  • 3
  • 11
6
votes
2 answers

Hadoop Security

I am trying to learn " How Kerberos can be implemented in Hadoop ?" I have gone through this doc https://issues.apache.org/jira/browse/HADOOP-4487 I have also gone through Basic Kerberos stuff ( https://www.youtube.com/watch?v=KD2Q-2ToloE) After…
Rohit Sarewar
  • 157
  • 9
5
votes
1 answer

MS IE & Edge fall back to http/1.1 after Kerberos Negotiate via http/2

We recently updated our Apache (v 2.4.33) Reverse Proxy to use http/2 MS IE (v 11.431.16299.0) and MS Edge (v 41.16299.402.0) on Win 10E 1709 seem to fall back to http/1.1 after the first request. Both browsers sticks then to http/1.1 and do not…
themenace
  • 2,601
  • 2
  • 20
  • 33
5
votes
3 answers

Client cannot authenticate via:[TOKEN, KERBEROS]

I'm using YarnClient to programmatically start a job. The cluster i'm running on has been kerberos-ized. Normal map reduce jobs submitted via "yarn jar examples.jar wordcount..." work. The job i'm trying to submit programmatically, does not. I…
Eric Fulton
  • 87
  • 1
  • 1
  • 6
4
votes
2 answers

Kerberos Resourced based constrained delegation in cross realm setup

I'm trying to use latest JDK 8 to perform resource based constrained delegation, and seems to be running into issues getting the service ticket for the last leg of the S4U2Proxy call. Here is my setup: Two microsoft AD forest with two way forest…
Thomas Yin
  • 51
  • 5
4
votes
0 answers

Chrome headless does not support Chrome Policies from registry

I am using Google Chrome (v.65 stable) to access a company intranet site which uses kerberos credential authentication. To do this I edited the registry Google Chrome Policies to the…
TKW
  • 317
  • 4
  • 11
4
votes
1 answer

Windows Authentication Impersonation - Second request gets wrong user identity

I have the following architecture: Client1(Browser-App) -> Server1 (WebAPI/IIS) -> Server2 (WebAPI/IIS) I am using ASP.NET for my server-side applications/apis and the user should be authenticated via "windows integrated authentication". As you can…
user437899
  • 8,879
  • 13
  • 51
  • 71
4
votes
2 answers

Asp.net delegation

I am making a .Net Web API that gets data by calling an SQL server. The user is authenticated via Windows Authentication (Kerberos). I would like the user credentials to be passed to the SQL server via delegation, but the SQL server sees an…
Rune Simonsen
  • 61
  • 4
3
votes
1 answer

IIS Impersonation not working when app pool runs with domain account

I have an ASP.net application running in an windows intranet environment. I have a requirement to perform certain database updates as the currently logged in user. IIS/server info: IIS version 10 Windows server 2019 ASP.net web forms…
Joe LaRue
  • 132
  • 1
  • 5
3
votes
0 answers

Create process as different user with Java and Kerberos

I am working on a Java server application (running under Windows as a service) and want to achieve the following scenario: A user issues a POST request to the server. The user is authenticated with Kerberos (SPNEGO, SSO in an enterprise…
Spiegelritter
  • 806
  • 1
  • 7
  • 16
3
votes
1 answer

Kerberos Double Hop

We have the infamous Kerberos double hop issue. This is a brand new domain, being migrated from another provider where impersonation and delegation was previously working. We have upgraded OS's and to the latest SQL server (2017). WPF app (using…
Greg
  • 85
  • 1
  • 8
3
votes
0 answers

What is the right way to create a CloudSolrClient with Kerberos Delegation?

Firstly, I would like to check if my understanding is correct on how this should be implemented. After reading the Solr 6.6.0 Kerberos Documentation (I've included some code snippets below) I believe I would need to create an initial CloudSolrClient…
darkCode
  • 140
  • 8
3
votes
0 answers

HDFS_DELEGATION_TOKEN can't be found in cache

I am running a spark streaming job deployed in yarn client mode which will frequently dealing with HDFS, Our hadoop cluster version is hadoop-2.6.0-cdh5.7.3 and the patch file in jira HDFS-9276 has been introduced into this version, but I still got…
jackiehff
  • 51
  • 1
  • 2
1
2 3
8 9