kerberos auth + different realm - WeOnlyDo Discussion board

kerberos auth + different realm (wodSSH / wodSSH.NET)

by pavel, Tuesday, February 09, 2010, 13:47 (3199 days ago)

Hello,
We are testing your library with gssapi authentication. The first tests are positive, but one of our servers needs a different realm (other than the one used by default) specified in order to authenticate.
How can we specify that using your library?


Re: kerberos auth + different realm

by wodDamir, Tuesday, February 09, 2010, 14:49 (3198 days ago) @ pavel

Pavel,

Can you do that in i.e. Putty? If so, how do you specify the Realm there? Can you perhaps provide us an example of that process?

Regards,
Damba

Re: kerberos auth + different realm

by Pavel, Friday, February 12, 2010, 11:07 (3196 days ago) @ wodDamir

> Pavel,
>
> Can you do that in i.e. Putty? If so, how do you specify the Realm there? Can you perhaps provide us an example of that process?
>
> Regards,
> Damba

Sorry for the delay.
Yes, it is possible to specify the realm in Putty.
Typical usage:
Your domain is local.net, but the server with the service you are trying to connect to is in a different domain, service.net.
Using the component, it is possible to query a ticket for local.net but not for service.net, and the authentication fails.

Pavel

Re: kerberos auth + different realm

by wodSupport, Friday, February 12, 2010, 11:27 (3196 days ago) @ Pavel

Pavel,

I only see Service principal name in Putty. Is this what you're referring to?

Currently wodSSH automatically takes it from the hostname if I remember correctly.

Kreso

Re: kerberos auth + different realm

by Pavel, Friday, February 12, 2010, 11:40 (3196 days ago) @ wodSupport

No, although it can also be useful.
Our version of Putty has such an option (in ssh/auth):
http://www.nlm.cz/files/PuttySSO.zip

Pavel

Re: kerberos auth + different realm

by wodSupport, Friday, February 12, 2010, 11:43 (3196 days ago) @ Pavel

Pavel,

I will try to find the source for your version of Putty to see what this is all about and how Putty handles it. I'll get back to you in 1-2 days.

Kreso

Re: kerberos auth + different realm

by wodSupport, Monday, February 15, 2010, 17:08 (3192 days ago) @ wodSupport

Pavel,

From what I've read, the realm is taken from the domain name, or part of the full hostname. Did you try to reference that host using a different hostname+domain?

Kreso

Re: kerberos auth + different realm

by Pavel, Thursday, February 18, 2010, 10:22 (3190 days ago) @ wodSupport

> Pavel,
>
> From what I've read, the realm is taken from the domain name, or part of the full hostname. Did you try to reference that host using a different hostname+domain?
>
> Kreso

Yes,
using a different host with domain has no effect; the component still tries to authenticate with the actual domain name.

Re: kerberos auth + different realm

by wodSupport, Friday, February 19, 2010, 01:17 (3189 days ago) @ Pavel

Pavel,

I can only think that what you refer to is the 1st argument in the AcquireCredentialsHandle call. Perhaps we can try it out?

Can you please send an email to techsupport@weonlydo.com and I'll send you back the DLL with a hardcoded different realm. So, if that works and authenticates, we can then make a more general version.

Would that be ok?

Kreso

Re: kerberos auth + different realm

by wodSupport, Tuesday, February 23, 2010, 00:17 (3185 days ago) @ wodSupport

Pavel,

Hi. I may have found what you need, but I can't test it. If you're interested, please send us an email.

Regards,
Kreso

Re: kerberos auth + different realm

by Pavel, Wednesday, February 24, 2010, 13:05 (3184 days ago) @ wodSupport

> Pavel,
>
> Hi. I may have found what you need, but I can't test it. If you're interested, please send us an email.
>
> Regards,
> Kreso

Hello,
I'm still interested, email sent to techsupport.

Pavel