kerberos auth + different realm (wodSSH / wodSSH.NET)

by pavel , Tuesday, February 09, 2010, 01:47 (5561 days ago)

Hello,
We are testing your library with gssapi authentication. The first test are positive but one our server needs different realm (other than used by default) specified in order to authenticate.
How we can specify that using your library?

Re: kerberos auth + different realm

by wodDamir , Tuesday, February 09, 2010, 02:49 (5561 days ago) @ pavel

Pavel,

Can you do that in i.e. Putty? If so, how do you specify the Realm there? Can you perhaps provide us an example of that process?

Regards,
Damba

Re: kerberos auth + different realm

by Pavel, Friday, February 12, 2010, 11:07 (5558 days ago) @ wodDamir

Pavel,

Can you do that in i.e. Putty? If so, how do you specify the Realm there? Can you perhaps provide us an example of that process?

Regards,
Damba

Sorry for the delay.
Yes, it is possible to specify realm in the Putty.
Typical usage:
Your domain is local.net but server with service you are trying to connect is in different domain service.net
Using component it is possible to query ticket for local.net but not for service.net and the authentication fails.

Pavel

Re: kerberos auth + different realm

by Jasmine, Friday, February 12, 2010, 11:27 (5558 days ago) @ Pavel

Pavel,

I only see Service principal name in Putty. Is this what you're referring to?

Currently wodSSH automatically takes it from the hostname if I remember correctly.

Kreso

Re: kerberos auth + different realm

by Pavel, Friday, February 12, 2010, 11:40 (5558 days ago) @ Jasmine

No, alhough it can also be usefull.
Our version of Putty has such option (in ssh/auth):
http://www.nlm.cz/files/PuttySSO.zip

Pavel

Re: kerberos auth + different realm

by Jasmine, Friday, February 12, 2010, 11:43 (5558 days ago) @ Pavel

Pavel,

I will try to find source for your version of Putty to see what is this all about and how Putty handles it. I'll get back to you in 1-2 days.

Kreso

Re: kerberos auth + different realm

by Jasmine, Monday, February 15, 2010, 05:08 (5555 days ago) @ Jasmine

Pavel,

from what I've read, realm is taken from domain name, or part of full hostname. Did you try to reference that host using different hostname+domain?

Kreso

Re: kerberos auth + different realm

by Pavel, Thursday, February 18, 2010, 10:22 (5552 days ago) @ Jasmine

Pavel,

from what I've read, realm is taken from domain name, or part of full hostname. Did you try to reference that host using different hostname+domain?

Kreso

Yes,
using different host with domain has no effect, the component still tries to authenticate with the actual domain name.

Re: kerberos auth + different realm

by Jasmine, Friday, February 19, 2010, 01:17 (5552 days ago) @ Pavel

Pavel,

I can only think that what you refer is 1st argument in AcquireCredentialsHandle call. Perhaps we can try it out?

Can you please send email to techsupport@weonlydo.com and I'll send you back the DLL with hardcoded different realm. So, if that works and authenticates, we can then make more general version.

Would that be ok?

Kreso

Re: kerberos auth + different realm

by Jasmine, Tuesday, February 23, 2010, 12:17 (5548 days ago) @ Jasmine

Pavel,

hi. I may have found what you need, but I can't test it. If you're interested please send us email.

Regards,
Kreso

Re: kerberos auth + different realm

by Pavel, Wednesday, February 24, 2010, 01:05 (5546 days ago) @ Jasmine

Pavel,

hi. I may have found what you need, but I can't test it. If you're interested please send us email.

Regards,
Kreso

Hello,
I'm still interested, email send to techsupport.

Pavel

Product groups

Support

kerberos auth + different realm (wodSSH / wodSSH.NET)

Re: kerberos auth + different realm

Re: kerberos auth + different realm

Re: kerberos auth + different realm

Re: kerberos auth + different realm

Re: kerberos auth + different realm

Re: kerberos auth + different realm

Re: kerberos auth + different realm

Re: kerberos auth + different realm

Re: kerberos auth + different realm

Re: kerberos auth + different realm

About

Contact