1886 byte By
cashroba at 2007-11-27 11:16:32
Hi, I'm new to kerberos, jaas and gssapi and I need help. I'm on solaris 10. After kinit, klist shows the following:
bash-3.00# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: kerberos-test@RICHMOND.COM
Valid starting     Expires            Service principal
07/20/07 18:09:16  07/21/07 02:09:16  ...
Hi there, I have got a question regarding GSSContext's wrap()/unwrap() methods. These methods take a parameter, class MessageProp; an instance of this class is used to indicate the desired Quality-of-Protection (QOP). The qop can be set by an integer, but which kind of protection is it indicated by ...
I am authenticating users using JAAS/Kerberos against Active Directory. (Java 6 on Windows XP professional). It works fine for all scenarios except when trying to authenticate a locked account. I purposely locked an account to get the error code returned so that I can display a "your account is locked" ...
I just stumbled over an issue w/ unicode characters in passwords. I extracted my machine's account password using the windows LSARetrievePrivateData API using the Win32 Python Extensions. Result: was a unicode string with one catch: it contained the character '\ude09', a lower surrogate ...
479 byte By
bioforma at 2007-11-27 9:42:01
Hi everybody. I am trying to connect to winrm service using Kerberos authentication and there are not any problems with it. But this service allows (by default) only Kerberos or Negotiate encrypted HTTP messages. Does anybody know how to do it? I am using the standard HttpURLConnection class but after ...
Hello Dudes, Can anybody tell the way how to develop an application with integrated windows domain authentication? (By using Java) Help appreciated. And I don't know if it is the correct forum to post. If it is not the correct forum please reply to me with links to the correct forums. Thanks in ...
I am trying to implement SPNEGO in a web application since IE supports SPNEGO. The client is IE and the server code is written in Java. Basic things are working. Now I have a doubt about where this mutual authentication and DES encryption come into this scenario... Please, anybody, help me in ...
Hi. Thank you for reading my post. Is there any sample (java files) with a howto that I can use as a starting point? For example, some complete sample which authenticates users with windows server 2003, and a sample that gives some details about when to use kinit and klist and ...
Hi. Thank you for reading my post. Can someone please explain what the relation of Kerberos and Active Directory with Java is? To my knowledge LDAP (such as AD) can store much information and also userID/password which we usually use for authentication. What is the relation of kerberos with LDAP (AD) and ...
Hi all. When I use kinit on 1.5 a ticket is generated correctly but under 1.4 I get a Pre-authentication error. Why is it different between the 2 environments? Is there something special I'm missing (... I've probably set myself up here! :-) in the 1.4.2 environment? The same thing happens when I ...
310 byte By
DanDia at 2007-11-27 5:42:24
Please, I am a beginner with respect to the kerberos protocol and have some doubts about its use: 1) Is Kerberos security suitable for financial applications? 2) What are the advantages of kerberos with respect to SSL? 3) Does Java provide full support for kerberos? Thank ...
1305 byte By
havwiga at 2007-11-27 4:18:29
I'm trying to set up single sign-on (SSO) into a web application with Kerberos, where the web application in turn should use the Kerberos ticket it received to access a backend service on behalf of the user. In theory this should be a fairly straightforward Kerberos delegation scenario. I'm ...
I'm attempting to do a GSSAPI SASL authentication (as a server) with a hostname that is exactly the domain name: slushpupie.com. It isn't working, even though the same application works when the hostname has more than one dot (like host.slushpupie.com). I've managed to reduce the application down ...
Hi, Is there a way to get the domain logged user name using NTLM authentication into a JSF page? Please provide any solution on this.
I searched the internet and this forum a lot without finding a non commercial solution to this common scenario. Inside an active directory based intranet I would like to authenticate the users who access a java web application running on Tomcat. The requisites to meet are: - the users connect with ...
Hi, I am looking for how I can get the user name of the windows logged in user. I want to display the user name in the welcome message of the application. The user will be logging into the domain. Please note that I need the windows logged in client user name. Please give suggestions or any direction on ...
692 byte By
nehaba at 2007-11-27 2:05:40
Hi, I have been configuring SSO using Active Directory 2003. It's on Windows Server 2003 enterprise SP1. First I configured using DES. I used Set User Account for DES for both client user and SPN. Then I created proper keytab file using -crypto des-crc-md5, +DESOnly tags. But I still kept on ...
Hi, I hope not too many people are not reading this post because of the very common error message. But I'm really somewhat confused: For testing Kerberos 5 SSO I set up a little domain controller running Windows 2003 Server and a client in the domain running Windows XP. In the active directory I ...
I'm following the exercise presented here: http://java.sun.com/javase/6/docs/technotes/guides/security/jgss/lab/part6.html IIS says it can accept Negotiate or kerberos. The application RunHttpSpnego fails with exception saying it received a response code 401 from the server. If I configure IIS to ...
Hey, I have a Kerberos SSO application with JAAS/JGSSAPI according to the tutorial which can be found here: http://java.sun.com/j2se/1.4.2/docs/guide/security/jgss/single-signon.html Mutual authentication with initSecContext() and acceptSecContext() works fine. Now, on the server side, I would ...
I am rather new to Kerberos. Our workstations when logging in already have a TGT stored in memory. I have been trying to find a way to pull this information from the memory cache. Is this even possible? If so, where should I begin? Thanks!
I am having trouble getting SSO with Kerberos/AD working. I can authenticate against AD if I have captured username and password, but I cannot authenticate using credentials arising from a Windows login. I am on W2000, SP4. I am using JDK 1.5_10. I have set the Windows registry value as ...
327 byte By
Lantoa at 2007-11-26 22:14:23
Hi all, I'm facing a problem: the kerberos related utilities (kinit/klist/kdestroy) have disappeared since Java 1.6, and only under Linux. In a Windows installation, there's no problem. My question is: how can I replace now these utilities? Is it a bug in the JDK or JRE installation package ...
Hey, I am working on a single sign-on solution for smart clients (written in Java). Kerberos authentication with JAAS works fine, but what is the Java GSS API for? That - according to some Tutorials like "Single Sign-on Using Kerberos in Java" - is supposed to be executed in the Subject's doAs ...
I am attempting to write a proof of concept of Single Sign On using Kerberos and Active Directory. I have searched through these forums and found several suggestions which I have attempted to use, in fact my code snippet below comes from these forums. I have set the registry setting ...
3540 byte By
joseDeva at 2007-11-26 20:54:34
Hi people, I have tried the GSS-API without JAAS tutorial for java 1.5 at http://java.sun.com/j2se/1.5.0/docs/guide/security/jgss/tutorials/BasicClientServer.html with that config: 1) Environment config: - JDK 1.5.0 update 11 - Windows XP pro against Active Directory on a Windows Server 2) The ...
Hello! I am trying to integrate kerberos SSO into weblogic platform. Doing exactly as it is described here - http://dev2dev.bea.com.cn/techdoc/20060621823.html My jaas config: com.sun.security.jgss.initiate { com.sun.security.auth.module.Krb5LoginModule required principal="HTTP/wl.dev.org@DEV.ORG" ...
Hey, I am working on a single sign-on solution, using JAAS and Kerberos. The user should log-in to Windows and run a Java app afterwards which authenticates him to the KDC. Every other application should only connect to the KDC to authenticate the user. Is there a possibility to obtain the user ...
I'm trying to write a Java Servlet Filter to perform kerberos through Spnego. I'm working with a windows 2003 Server (Enterprise Edition) but I keep getting prompted for the password. This obviously won't do for a server program so I'm trying to figure out a way around entering the password ...
Hello, I need to find a Java library to be able to connect with HTTP to an Apache server which uses Kerberos (Negotiate) for authentication. Does anyone know something useful for me? Thanks, Laurent
Hi experts! I use Basic Authentication with ISS + Tomcat. I want to get user information from request.getHeader("Authentication") in a servlet. I have decoded it by Base64 coding. And I have the following content: Negotiate ...
13099 byte By
henoc.aa at 2007-11-26 16:41:23
Hi, excuse me to disturb but I'm with a problem I can't resolve by myself and the previous post on the forum is not of a big help on it ... I have to struggle with SPNEGO. So after reading back the tutorials on security stuff (obviously there was a lot I had to learn and understand about security ...
Hi, In the examples I have seen, a SPNEGO token is transferred from client to server via sockets. Once the token is obtained, GSS-API calls like the following can be called to extract the userId from the SPNEGO token. In the code below, innerContextToken would be obtained after some socket based ...
Hi, I am trying to run the GSSClient/GSSServer example in the JAAS/JGSS tutorial. In the tutorial it says "So for the purposes of trying out this tutorial, you could use your user name as both the client user name and the service principal name." As I don't have permissions to make modifications ...
1125 byte By
henoc.aa at 2007-11-26 15:16:20
HTTP/SPNEGO for "SSO" on MS Windows. Hi all of you! The scene is simple: I got a software (all in plain java) and some simple web access to this system. (It's not a real web server which will be in need for Apache or some big container, it's just a few access to some informations of the ...
Hi, How can I validate a kerberos ticket that was generated on a non java platform and extract the name of the principal from it? In essence, this is a cross platform SSO. Here is the background. A C# client is sending the ASN encoding of a Kerberos ticket to a java server via a web service ...
8972 byte By
yulu81a at 2007-10-3 11:30:04
I hope this is a newbie question for you guys out there since I've been googling for a solution for days but no luck so far. I am trying to learn JAAS programming and got started from a very simple example where a client authenticates to kerberos and sends messages to an echo server. I am using ...
SPNEGO - when I try this with Java version "1.6.0-rc", I end up with a GSSException with the message "Operation unavailable". How do I get more information about what this exactly means?--Specifically, I have a string starting with ...
Hi All, I have configured mod_auth_kerb with apache. After kerberos authentication I am not able to get the user name that is authenticated. In Apache's error log file the name of the user got printed. Can anybody tell me how to get it? Please guide ...
I am facing one problem and I have been working on that for 3 days. But still I am not able to get a solution. I want to perform Kerberos authentication. I am using Apache and orion webservers. I have installed mod_auth_kerb ( Kerberos module for Apache ). The authentication using Apache is done ...
My team is in the process of building a client/server platform in Java that interoperates with a proprietary platform. The existing platform uses a proprietary security architecture that was inspired by Kerberos (v4?). Rather than develop my own security API, the JGSS-API seems like a good fit ...
Hi Javaties, I need to implement Single Sign On. Can anybody tell me how to get started? Do I need to use Kerberos for SSO?
This relates to my follow-up question in this thread: http://forum.java.sun.com/thread.jspa?threadID=779326 I now know how to properly set the value of "java.security.auth.login.config" to point to a file in a jar. But when I try the same for the "java.security.krb5.conf" setting, I get this ...
Hi, We have implemented a Single Sign On solution based on Kerberos and the Java GSS-API. The implementation pretty much follows the examples given in the JAAS Tutorials. It is now running in my company and it works fine except until there are less than two hours until your TGT expires. Then an ...
414 byte By
jajanea at 2007-10-3 7:53:33
Hi all, while developing a client-server application, I've had the occasion to read a document ABOUT the kerberos protocol and found it very interesting. I've tried customizing my codes so the authentication process looks like the concept of kerberos. But when trying to create the ...
254 byte By
pvncada at 2007-10-3 7:41:00
Hi, I am trying to use kerberos based authentication. Current setup of kerberos uses DNS based lookup of KDCs, i.e. KDCs are not listed in krb5.conf file. Could someone let me know if this can be achieved? Thanks, Praveena M
Hi, I have a setup where a web application is deployed to use SPNEGO for user authentication ( using kerberos V ) and authorization. We have several users with non english characters in the user ID and even though kerberos authentication succeeds for such users ( KDC / Active Directory is ...
326 byte By
sidsa at 2007-10-3 7:24:24
We have a setup with windows2000 and Kerberos/JGSS. Can someone provide me with the information as to what additional needs to be done so as to be able to authenticate a username given in UTF-8 data. The user authentication for ascii characters succeeds for me but fails while I enter username ...
Hi, I am trying to write a configuration tool to set Kerberos server name and so forth. It occurs to me that once "java.security.krb5.kdc" is set in JVM, the value can't be changed. The tool has to be shutdown and restarted to see use new value. Is there a better way than starting a new JVM? ...
602 byte By
tommyUKa at 2007-10-3 6:24:34
Hi, I'm getting a Pre-authentication error for one user, all other users the authentication works well (60 others). So could anyone hazard a guess as to why I get this problem just for this one user? I've looked at reasons for this error: a) bad password b) time skew c) useKeyTab option (I am not ...