Hello,I'm trying to authenticate a user against Active Directory with Java. It works well but when i'm trying to use special characters (like ? ? ? in the password, the kerberos logon fails. Do i have to encode my string in another format ? Does kerberos support these char ?The code: public ...

Hello:I am using j2sdk1.4.2_07 and attempting to incorporate single-signon. There is a very nice article describing all of the steps necessary @ http://e-docs.bea.com/wls/docs90/secmanage/sso.htmlMy problem is at the final step which uses the kinit utility to verify Kerberos authentication is ...

Hi,How can I use Kerberos authentication for my RMI clients? I have exposed my remote APIs and the clients should authenticate themselves and pass their security context before each call. Is there any example, tutorial available for this? The example given in Java SDK demonstrate message ...

Hi,Am using JOSSO and very new to this technology. I followed the steps as given in the guidelines page.After configuring my application, when executing am getting a message like this "Invalid Authentication Information" . I dont know why it is displaying this error.I followed exactly the ...

Hi all,im going to be really desperate from this error message during the authentization to the Win2003 server where the Active Directory is running ... Im using Krb5LoginModule. - Our administrator of the AD service has enabled DES encryption at the tested account. - Im sure that entered ...

Hi every one,I come to redefine my previous post, maybe I wasn't clear enough,that's why i seem to get no help...do some of you know how i can decode and handle myself SSO with AD ?To be more precise , I've already setup an clean config :An AD server (W2K3) on comupter "Main",an host for my ...

Hi,Am trying to use Java GSS Api(JDK 1.5) to perform kerberos authentication on a Windows 2003 server. Am following the steps specified in JDK docs.Am receiving following error while calling login on LoginContextDebug is true storeKey true useTicketCache false useKeyTab false doNotPrompt false ...

Hi.... Im trying to develope SSO solution for our portals..... i found, currently on windows environment only Active Directory. can be used as kerberos database.... but our users profile are stored in my sql database.. is it possible to use kerberos to authenticate users again mysql ...

I hope this is a newbie question for you guys out there since I've been googling for a solution for days but no luck so far. I am trying to learn JAAS programming and got started from a very simple example where a client authenticate to kerberos and send messages to a echo server. I am using ...

Hi, Actually i have created a web application uses GSSAPI(java1.6) . Implemented SPNEGO in the web application.. But the problem is , if AD(Active Directory windows 2003) and webserver (tomcat) is in same machine, my application is working properly when i browser through the IE. But the same ...

dear all,can i ask u to do me a favor to help me find a part of example malicious source code that is still able to execute despite Java抯 security measures cause i need it as a example in my report. i can't find any on google. thanks so much.

Hi, I currently have Apache 2.2.4 with mod_auth_kerb 5.3 running on Linux. I followed the instructions in http://www.grolmsnet.de/kerbtut/ to setup authentication against windows 2000 as KDC. I also configured IE to support SPNEGO so that i can do transparent authentication. Everything works ...

I am developing a single sign-on module for our company's Intranet site. I am using jcfis extended version, which supports Kerberos authentication. It requires a krb5.ini file in c:/winnt directory. I am using AuthenticationFilter class which will autheticate a request. I have Tomcat on my ...

Please, I am beginner with respect to the kerberos protocol and have some doubts of its use:1) Is Kerberos security suitable for financial applications?2) What are the advantages of kerberos with respect to SSL?3) Does Java provide full support for kerberos?Thank ...

Hi,Am relatively new in the domain of Java Security, JAAS and JGSS. After reading the tutorials and examples, I was able to do authentication and message transfer using Kerberos LoginModule. All the examples demonstrates message transfer and credential passing at socket level.But in normal ...

Hiii, i am trying to search my ldap, i am able to connect using kerberos, butwhen i perform ldap serach i am getting the below error messagejavax.naming.AuthenticationException: GSSAPI [Root exception is javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid ...

Hi,I have a pair of questions about authentication/validation of Kerberos tickets against Active Directory.I needed to validate a Kerberos Ticket obtained in a login to an Active Directory. I have done so with the next steps.a) I have modified the Krb5LoginModule so as to create the Credentials ...

Hi,In the examples I have seen, a SPENGO token is transferred from client to server via sockets. Once the token is obtained,GSS-APi calls like the following can be called to extract the userIdfrom the SPENGO token. In the code below,innerContextToken would be obtained after some socket based ...

<h1>My Web Page</h1></td></tr></span></table></td></tr></span></table></td></tr></span></table></td></tr></span></table></td></tr></span></table><h1>This ...

We have a setup with windows2000 and Kerberos/JGSS. Can someone provide me with the information as to what additional needs to be done so as to be able to authenticate a username given in UTF-8 data. The user authentication for ascii characters succeeds for me but fails while I enter usename ...

Hi All,I have configured mod_auth_kerb with apache. After kerberos authentication I am not able to get user name that is authenticated.In Apaches error log file the name of the user got printed.Can anybody tell me how to get it?Please guide ...

Our application is java based, and we use JAAS to allow authentication for the users though Active Directory.In particular we alwyas encourage our prospect clients to use Krb5LoginModule.We would1. add new user to AD , set DES for the account, reset the password2.setspn -A ...

Hi guys,I had a similar post in this subject before. Though got no reply. I guess the question was not clear. I could trace the prblem a bit more .. Any clue to help me find the source of problem is really appreciated !I have developed a client and a web service ( Axis 1.4 + tomcat 5).Client ...

I've to port a Java SSO client (working correctly on W2K) on Vista.Dispite having set allowtgtsessionkey on Vista, the client seam not to be able to acquire the session key. With a network sniffer on the client I get:No.TimeSourceDestinationProtocol Info1713 6.357615138.191.82.26 10.168.24.44 ...

All,I'm getting the following error on a Solaris 8 machine:kinit: KRB5 error code 52 while getting initial credentialsSo far my analysis shows this error to indicate the following:0x34 - KRB_ERR_RESPONSE_TOO_BIG - Too much dataAccording to a number of forums, some inheriant limitations exist ...

Hello Dudes,Can anybody tell the way how to develop an application with integrated windows domain authentication ? (By using Java)Help appriciated.And i don't know is it the correct forum to post. If it is not correct forum please reply me with links to the correct forums.Thanks in ...

Hi!The problem is in web application.The customer claims that this is not Kerberos implementation when the user has to write thery username and password by opening the web page.The problem is that there is more than 500 users whose browser should be modified. And customer does not accept the ...

My simple program: public static void main(String[] args) throws KrbException, IOException {Credentials c = Credentials.acquireDefaultCreds();System.out.println("default creds: " + c);Credentials s = Credentials.acquireServiceCreds("HTTP/test.xxx.xx", c);System.out.println("service creds: " + ...

I want to pull the PAC out of AD-generated Kerberos credentials.1) Do I need to obtain a KerberosTicket, which I then examine as an ASN.1 encoded byte array, or is there an easier way?2) If I want to get a KerberosTicket on the server side, after a client has juggled contexts with me, how do I ...

Are the tokens generated by context processsing shippable/receivable without any modification?Are the tokens compatible with the tokens processed/created by the MSFT equivalent of GSS-API?Alec

Hi,I am trying to read a file from the remote http location using the following program.import java.io.BufferedReader;import java.io.IOException;import java.io.InputStreamReader;import java.net.Authenticator;import java.net.MalformedURLException;import java.net.PasswordAuthentication;import ...

Hi all,I'm facing a problem : the kerberos related utilities (kinit/klist/kdestroy) have disappeared since Java 1.6, and only under Linux. In a Windows installation, there's no problem.My question is : how can I replace now these utilities ? Is it a bug in the JDK or JRE installation package ...

Hey,I am working on a single sign-on solution for smart clients (written in Java). Kerberos authentication with JAAS works fine, but what is the Java GSS API for? That - according to some Tutorials like "Single Sign-on Using Kerberos in Java" - is supposed to be executed in the Subject's doAs ...

I am attempting to write a proof of concept of Single Sign On using Kerberos and Active Directory.I have searched through these forums and found several suggestions which I have attempted to use, in fact my code snippet below comes from these forums.I have set the registry setting ...

Hello, I am implementing Single Sign-on feature using Kerberos in Java.Ours is a web based application. When user opens application using browser, it sends windows username to Web server, the Web server should try to get valid KerberosTicket for this user and if the ticket is valid the browser ...

Hi all, I want to know various reporting tools which are downladable , fast and can save in pdf,csv,xml,doc,xls formatsCan any one give me the answers

Hello!I am trying to integrate kerberos SSO into weblogic platform.Doing exactly as it is described here - http://dev2dev.bea.com.cn/techdoc/20060621823.htmlMy jaas config:com.sun.security.jgss.initiate {com.sun.security.auth.module.Krb5LoginModule requiredprincipal="HTTP/wl.dev.org@DEV.ORG" ...

I'm trying to write a Java Servlet Filter to perform kerberos through Spnego. I'm working with a windows 2003 Server (Enterprise Edition) but I keep getting prompted for the password. This obviously won't do for a server program so I'm trying to figure out a way around entering the password ...

Hello,Is there an way to destroy an existing Kerberos ticket with Java 1.6 ?I need to do multiple access to the same server but with different authentification.Thanks,Laurent

Hi experts !I use Basic Authentication with ISS + Tomcat. I want to get user information from request.getHeader("Authentication") in a servlet. I have decoded it by Base64 coding. And I have following content:Negotiate ...

Hi,I am trying to run the GSSClient/GSSServer example in the JAAS/JGSS tutorial. In the tutorial it says "So for the purposes of trying out this tutorial, you could use your user name as both the client user name and the service principal name. "As I dont have permissions to make modifications ...

I use the following code for client authentication but it fails to authenticate the CA certificate.protected synchronized void authenticateClient() throws IOException, GSSException {byte [] outToken = null;byte [] inToken = new byte[0];while (!this.context.isEstablished()) {outToken = ...

Hi,Could some kind soul point to a java code sample illustrating the consumption of a SPNEGO token generated by a windows client ?ThanksRaman

Hi All,I am facing one problem.In my httpd.conf file I set KrbSaveCredentilas flag to ON. After successful authentication it should generate /tmp/krb5cc_usernamebut in my case it is generating /tmp/krb5cc_0.I am not able to understand why this is happening?please guide me.Thanx in ...

Hello,Trying authenticate with Kerberos I receive exception message :Failure unspecified at GSS-API level (Mechanism level: Integrity check on decrypted field failed (31))Does any body know what leads to this problem and how to fix it.Regards,Vitaliy S

Hi,Will Krb5LoginModule verify the authenticity of TGT in the ticket cache ?If yes, how it will do it ?Thanks in advance

Hi,I am trying to use kerberos based authentication. Current setup of kerberos uses DNS based lookup of KDCs .i.e KDCs are not listed in krb5.conf file.Could someone let me know if can this be achieved ?ThanksPraveena M

Hi, I have a setup where a web application is deployed to use SPNEGO for user authentication ( using kerberos V ) and authorization. We have several users with non english characters in the user ID and even though kerberos authentication succeeds for such users ( KDC / Active Directory is ...

Hi all I am developing a single sign on module for my company's Intranet site. The concept behind it is, when any employee will open the Intranet site, the user will be authenticated using his own window login and password without filling any Login form. It means users authentication will be ...

Hi,My company wanted to implement SSO for interanet web application. I had went through GSS-API using kerberos API. But the security team told that for kerberos authentication firewall port needs to be opened . They suggested for SAML. I went through SAML specification. It specifies the message ...