How can I get a Kerberos ticket with Delphi?
According to this you should be able to get one with the InitializeSecurityContext windows API call.
According to this you should be able to get one with the InitializeSecurityContext windows API call.
You can manage to get by this way. 1) Create asp.net web service application. 2) Implement web service and method to call from silverlight applicaton. [WebMethod] public string GetClientUserName() { return System.Web.HttpContext.Current.User.Identity.Name.ToString(); } 3) Deploy this web service application on web server. Don’t allow anonymous user to access this. 4) Add this service to Silverlight … Read more
There is now a simple solution for this using the Apache HTTP Components Client 4.5 or greater. This is still marked as experimental in 4.5 so your milage may vary, but this is working fine for me in an enterprise context. In addition to the HC 4.5 client jars you will need to have the … Read more
Here is a simple code that authenticate and make an LDAP search usin JNDI on a W2K3 : class TestAD { static DirContext ldapContext; public static void main (String[] args) throws NamingException { try { System.out.println(“Début du test Active Directory”); Hashtable<String, String> ldapEnv = new Hashtable<String, String>(11); ldapEnv.put(Context.INITIAL_CONTEXT_FACTORY, “com.sun.jndi.ldap.LdapCtxFactory”); //ldapEnv.put(Context.PROVIDER_URL, “ldap://societe.fr:389”); ldapEnv.put(Context.PROVIDER_URL, “ldap://dom.fr:389”); ldapEnv.put(Context.SECURITY_AUTHENTICATION, “simple”); … Read more
You have a Kerberos/GSSAPI authentication set as the preferred, yet you do not seem to actually use/want it. As you do not specify any username or password for the Kerberos prompts. This problem can appear spontaneously, when either Kerberos gets installed on the the client PC or the server starts to support Kerberos. The solution … Read more
I’ve actually been doing something like this recently but am using spring security kerberos. I put an example on github here. The key thing that I found that I needed set up to use constrained delegation like you want it and S4U2Proxy was to make sure (if you’re using Oracle/OpenJDK) you set isInitiator=true in your … Read more
You are not alone in the quest for Kerberos auth to HBase from Spark, cf. SPARK-12279 A little-known fact is that Spark now generates Hadoop “auth tokens” for Yarn, HDFS, Hive, HBase on startup. These tokens are then broadcasted to the executors, so that they don’t have to mess again with Kerberos auth, keytabs, etc. … Read more
This can happen when you are running the client and server on the same machine. When you use IE to talk to the machine running tomcat ensure that these are distinct machines. Additionally you need to ensure that the server machine is joined to the domain specified in the keytab (testdomain.ourcompany.co.uk) or you might drop … Read more
The intermediate server must be trusted for delegation. Otherwise no credential will be delegated and the intermediate server cannot impersonate the original client.
A Kerberos TGT has a lifetime (e.g. 12h) and a renewable lifetime (e.g. 7 days). As long as the ticket is still valid and is still renewable, you can request a “free” renewal — no password required –, and the lifetime counter is reset (e.g. 12h to go, again). The Hadoop authentication library spawns a … Read more