Questions tagged [kerberos]

0

votes
0

answer
3

Views

Flask_kerberos KrbError: ('Principal not found in keytab', -1)

I am trying to integrate kerberos with flask/python. I have followed the steps in: https://flask-kerberos.readthedocs.io/en/latest/ I get the error mentioned whenever I try to get principal details. principal = kerberos.getServerPrincipalDetails('http', '10.113.41.11') This is my keytab details: Ke...
user3027865
1

votes
0

answer
7

Views

Configuring Tomcat to use kerberos enabled proxy

I am running a Tomcat web app that needs access to an external website through a proxy but I'm having difficulties finding instructions for this circumstance. Do I need to create the krb5.ini file and make tomcat aware of the kerberos environment or should the windows Tomcat service authenticate?
Ross P
1

votes
0

answer
228

Views

Flyway GSS Authentication Failed Postgres Connection Error

When attempting to connect to our Postgres instance using Flyway, I get GSS Authentication failed connection error: Unable to obtain Jdbc connection from DataSource ( jdbc:postgresql://host/database? kerberosServerName=postgres& jaasApplicationName=pgjdbc ) for user '[email protected]': GSS Authe...
Brady Clifford
1

votes
0

answer
775

Views

Spark structured streaming with secured Kafka gets freeze on a log message [INFO StreamExecution: Starting new streaming query.]

In order to use structured streaming in my project, I am testing spark 2.2.0 and Kafka 0.10.1 integration with Kerberos on my hortonworks 2.6.3 environment, I am running below sample code to check the integration. I am able to run the below program on IntelliJ on spark local mode with no issues, but...
nilesh1212
1

votes
0

answer
63

Views

CDH spark steaming consumer kerberos kafka

Does any one tried to use spark-steaming(pyspark) as consumer for kerberos KAFKA in CDH ? I search the CDH and just find some example about Scala. Does it means CDH does not support this ? Anyone can help on this ???
znever
1

votes
0

answer
44

Views

Getting garbled command line responses when querying webHDFS via CURL

I am getting the following output when trying to write a file into a kerberized HDFS: I get the same output when trying to read from the HDFS as well: Is it an error? If so, how do I fix it? The files I intend to read or write are not being read or written with these commands.
Kristada673
1

votes
0

answer
76

Views

Kerberos multi-hop delegation through PowerShell and Python to SQL

I've got an SSIS package which runs using the SQL Server Agent account (also has an AD account) on which I've enabled Kerberos delegation. I've set all the permissions (Set-ExecutionPolicy for PowerShell, etc.) on the file systems to run the necessary scripts, but trying to access the SQL server usi...
TomNash
1

votes
1

answer
176

Views

Performances spikes on Node.js application using LoopBack and Kerberos

Our API's implemented with Node.js using the LoopBack framework retrieving data from HBase using Kerberos as authentication layer show inexplicable performance spikes of 5000 ms and 10000 ms with the bulk of the requests returning a result within 1000 ms. performance spikes Our applications are run...
Edwin Scheepstra
1

votes
0

answer
262

Views

Spark and secured phoenix not working on yarn

I am trying to connect to secured phoenix through spark in yarn using JDBC, and i can see on the logs, it is connecting successfully: JDBC URL: jdbc:phoenix:zookeeper_quorum:/hbase-secure:[email protected]:/path/to/keytab/someprincipal.keytab 18/02/27 09:30:22 INFO ConnectionQueryServicesImpl:...
Azel
1

votes
1

answer
1.9k

Views

Ansible service task fails with “Could not find the requested service XXX”

I am trying to create ansible playbooks to install and configure kerberos on centos7. I have a task which yum installs the required rpms - name: install kerberos yum: name={{ item }} state=present with_items: - krb5-server - krb5-libs And a task to start the service - name: start kerberos service se...
ayyrex
1

votes
1

answer
995

Views

Kerberos ticket renewal on Spark streaming job that communicates to Kafka

I have a long running Spark streaming job that runs on a kerberized Hadoop cluster. It fails every few days with the following error: Diagnostics: token (token for XXXXXXX: HDFS_DELEGATION_TOKEN [email protected], renewer=yarn, realUser=, issueDate=XXXXXXXXXXXXXXX, maxDate=XXXXXXXXXX, sequenceN...
David Chen
1

votes
0

answer
150

Views

Why does my Swift code work in playground but not in the real cocoa app?

I'm currently trying to automate things in a macOS status bar application. Now I had tried to make the Kerberos Login in a Process (previous called NSTask). In my playground, the code creates successfully the token. But when I move the code to the real app, it failed. I get this error message: 'kini...
MOE
1

votes
0

answer
37

Views

KerbRetrieveEncodedTicketMessage failing with constrained delegation

We are using LsaCallAuthenticationPackage with KERB_RETRIEVE_TKT_REQUEST of type KerbRetrieveEncodedTicketMessage. We impersonate a Windows identity and then use LsaCallAuthenticationPackage to get the tickets. We are able to retrieve tickets (tgt and service tickets) when using unconstrained deleg...
user7324528
1

votes
0

answer
49

Views

Service for User to Self

When it comes to Windows permissions a security principal (Admin1) can gather information on another security principal (User1) e.g. their (SID) and group membership (Group SIDS). Then take this list of SIDS and compare it to an ACL (for example on a file/folder) to check if this other security prin...
CAshtones
1

votes
1

answer
226

Views

Spring Webflux + LDAP/Kerberos Security

I got a Spring Boot 2 Reactive Web Application that currently has a JWT-based authentication system. Now I would like to add a LDAP backend for authentication and allow Single-Sign On (SSO) via Kerberos. It seems Kerberos and LDAP support is currently limited to webmvc and no dedicated reactive vers...
1

votes
0

answer
93

Views

C# MVC delegation failing in Chrome and MobileIron browswer, but not in IE

I have a web app that is attempting to use delegation for retrieving files and making requests to other servers. I have Kerberos all set up and running fine (I think), but the delegation is only working in IE. The code System.Security.Principal.WindowsImpersonationContext impersonationContext; i...
Matt J
1

votes
1

answer
378

Views

Kerberos Double Hop

We have the infamous Kerberos double hop issue. This is a brand new domain, being migrated from another provider where impersonation and delegation was previously working. We have upgraded OS's and to the latest SQL server (2017). WPF app (using domain creds) -> Web Service (WCF app on IIS 10) -> SQ...
Greg
1

votes
1

answer
238

Views

How to use Kerberos libraries in Python?

I am trying to use some Python library to automatically login to a Kerberos account. For example, I found requests_kerberos, and my code is: import requests from requests_kerberos import HTTPKerberosAuth, REQUIRED r = requests.get('https://cas.id.ubc.ca/ubc-cas/login', auth=HTTPKerberosAuth()) Howev...
Eric Stdlib
1

votes
0

answer
76

Views

Delay in fetching kerberos tokens : python gssapi securitycontext

Hi I'm using a python function as follows for fetching kerberos tokens def get_token(server): service = gssapi.Name('[email protected]%s' % server, gssapi.NameType.hostbased_service) ctx = gssapi.SecurityContext(name=service, usage='initiate') attempts = 0 while True: try: print('before') token = ctx.step() pri...
unnikrishnan r
1

votes
0

answer
59

Views

Spring kerberos Authentication Times Out

I have a spring boot application that authenticates via Kerberos. The KerberosLdapContextSource accepts a list of LDAP URLs as one of it's constructor parameters. I use this parameter to pass the LDAP URL of each of our ActiveDirectory nodes (they're behind an SLB but Kerberos doesn't accept that)....
1

votes
1

answer
203

Views

Connecting Kerberos + SSL enabled solr in spark job under yarn

I have SOLR 6 cluster which is Kerberos and SSL enabled. When i connect to it with a test client with CloudSolrClient it works fine. But the same code when run it in spark job driver I get below check sum failed Error. I checked all the mentioned issues related checksum like reverse dns lookup and...
avinash patil
1

votes
1

answer
115

Views

What does Kerberos give me that LDAP isn't?

I'm working on a project now where I have a CMS with a plugin that allows me to authenticate users via LDAP. So far, so good. I built out an LDAP server. The plugin works. I am authenticating. The client has been talking about using LDAP for authorization and Kerberos for authentication (even though...
PhillyWebGuy
1

votes
1

answer
627

Views

Kerberos: GSSContext name of the context initiator is null

I'm trying to integrate SSO via Kerberos/SPNEGO in my application as described here https://docs.spring.io/spring-security-kerberos/docs/1.0.2.BUILD-SNAPSHOT/reference/htmlsingle/#samples-sec-server-win-auth My context.xml looks like this: I can access the secret part of my application when explicit...
Shareil
1

votes
0

answer
120

Views

kerberos authentication for mongodb in node running on windows without specifying password?

It it possible to use kerberos authentication with mongodb without specifying password when running the node app in windows environment? I can successfully log in to my mongo server from command line: mongo.exe --host xxxx.yyyy.zzzz.com --port 27017 --username [email protected] --authenticationMec...
1

votes
0

answer
355

Views

How to renew Kerberos ticket for Kafka in Spring?

I have a Java Spring application (running on a server outside of Hadoop cluster) that connects to Kerberized Kafka topic (Secured by Kerberos on the Hadoop cluster) using KEYTAB file and pushes streaming data. The issue I'm facing now is that the TGT gets regenerated every 24 hours and my Java appli...
kavehmb
1

votes
2

answer
709

Views

Error getting a JDBC connection to Hive via Knox

I have a Hadoop cluster running Hortonworks Data Platform 2.4.2 which has been running well for more than a year. The cluster is Kerberised and external applications connect via Knox. Earlier today, the cluster stopped accepting JDBC connections via Knox to Hive. The Knox logs show no errors, but th...
Ian Pletcher
1

votes
0

answer
157

Views

Weblogic client gets a 401 Unauthorized Kerberos exception but my main class does not, Do you know why?

I have an application running as a weblogic startup class. When it gets to the point where it has to request a service from my application that is setup with Kerberos Service Principal I get a 401 Unauthorized exception (As seen below). When I run the application through a normal private static voi...
SandMan
1

votes
0

answer
254

Views

Waffle Java Client: How to use a specific domain user to authenticate against a web service

The short version: I have a Tomcat hosted Java Spring app and am trying to access a local OData web service that uses Kerberos/NTLM authentication. The app calls the web service automatically on a schedule. As such I have no logged in user. My research so far has led me to believe that the Waffle AP...
Jon C
1

votes
0

answer
154

Views

Waffle SSO authentication with Basic fallback

I have configured Tomcat SSO authentication with Waffle: This works fine, and supports Negotiate with NTLM fallback. What I would like is to add BASIC authentication fallback. Is there a way to achieve this? I have tried this by adding Tomcat's JAASRealm + Waffle's JAAS support (using Tomcat's Combi...
slobo
1

votes
0

answer
493

Views

kerberos authentication in Kudu for spark2 job

I am trying to put some data in kudu, but the worker cannot find the kerberos token, so I am not able to put some data into the kudu database. here you can see my spark2-submit statement spark2-submit --master yarn 'spark.yarn.maxAppAttempts=1' --conf 'spark.authenticate=true' --deploy-mode cluster...
Lukas
1

votes
0

answer
62

Views

RCurl Post not working with kerberos authentication and SSL

POST request with a json body. Response back is also in json. Without kerberos authentication, it is working. But its failing when I enable kerberos with SSL. The server logs show no issue, handshake is successful and server shows 200 response code. For some reason, R client is throwing an error....
user236215
1

votes
1

answer
146

Views

Storing parquet to Kerberos secured Webhdfs from Spark

I'm writing to a webhdfs path, secured by Kerberos, from Spark. And part of it is actually working, but it breaks down when writing parquet files to the (web)hdfs location. The authentication & authorization work and the script creates the path structure needed to store the partquet files to, but wh...
Tom Lous
1

votes
1

answer
423

Views

Kerberos library is not installed

I have a simple project to test Kerberos authentication. This is a Windows machine. In my package.json: 'dependencies': { 'kerberos': '^0.0.24', 'mongodb': '^3.0.10' } Connection URL: const url = 'mongodb://userxxx%40XXXXX.XXXXX.COM:[email protected]:27017/?authMechanism=GSSAPI&authSource=%24ex...
Alex Polkhovsky
1

votes
0

answer
212

Views

Connectivity issue with Kerberized HBase via Java application running outside HDP Cluster

We have a java application running on the Liberty IBM WebSphere server and trying to connect to the HBase on the HDP cluster to persist some data. Now we are facing issues to connect to HBase(kerberized) on HDP cluster. We have been able to connect to HBase via Spark, Storm or application running...
Puneet Babbar
1

votes
1

answer
129

Views

Python Vertica: How to use Kerberos authentication with vertica-python module?

I am using Uber's vertica-python native python adaptor (https://github.com/uber/vertica-python), and I am trying to integrate kerberos authentication with it. Is there a way I can do it? Problem: The database user I want to use with my script has authentication method kerberos set to highest priori...
dr_dino
1

votes
1

answer
180

Views

HTTP/Spnego with Kerberos authentication for Finatra web server

I try to use Spnego with Finatra web server but I don't succeed. Here my GitHub project: https://github.com/glegoux/spnego-server-finatra With wireshark: error: KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN. My server log: ... Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt true ti...
glegoux
1

votes
0

answer
236

Views

macOS using kerberos proxy authentication in the command line

My network configuration requires a proxy authentication to connect to the internet. Most of the applications use the proxy settings from the system preferences which use the kerberos to authenticate. Unfortunately the Terminal does not. After searching a little bit I found one solution which does n...
MOE
1

votes
0

answer
76

Views

Kerberos Support for FileNet .Net client hosted on IIS

We have .NET applications which are integrated with FileNet and connect to custom FileNet application hosted on IIS which retrieves documents. We ahve requirement to pass pass user credentials from .Net apps connection to FileNet. However, we dont want to pass password to FileNet web service. So we...
amitbvsb
1

votes
0

answer
182

Views

mongodb sasl unable to find a callback 32775

I installed a MongoDB server 4.0 Enterprise Edition on a Windows Server 2012 R2 and configured kerberos authentication following the official documentation https://docs.mongodb.com/manual/tutorial/control-access-to-mongodb-windows-with-kerberos-authentication/ When I tried to connect to the MongoDB...
1

votes
0

answer
364

Views

How to connect to SQL Server with JDBC connection from sparklyr with kerberos authentication?

I am having trouble accessing my SQL Server database using Kerberos with a JDBC connection. Note I'm running Linux with Spark version 2.2.0. I am not specifying anything related to kerberos tickets in my spark_connect, as I've heard rstudio server pro may have an overlapping capability, though I am...
Zafar

View additional questions