kerberos auth + different realm - WeOnlyDo Discussion board

kerberos auth + different realm (wodSSH / wodSSH.NET)

by pavel, Tuesday, February 09, 2010, 13:47 (5161 days ago)

Hello,
We are testing your library with gssapi authentication. The first test are positive but one our server needs different realm (other than used by default) specified in order to authenticate.
How we can specify that using your library?


Re: kerberos auth + different realm

by wodDamir, Tuesday, February 09, 2010, 14:49 (5161 days ago) @ pavel

Pavel,

Can you do that in i.e. Putty? If so, how do you specify the Realm there? Can you perhaps provide us an example of that process?

Regards,
Damba

Re: kerberos auth + different realm

by Pavel, Friday, February 12, 2010, 11:07 (5158 days ago) @ wodDamir

Pavel,

Can you do that in i.e. Putty? If so, how do you specify the Realm there? Can you perhaps provide us an example of that process?

Regards,
Damba

Sorry for the delay.
Yes, it is possible to specify realm in the Putty.
Typical usage:
Your domain is local.net but server with service you are trying to connect is in different domain service.net
Using component it is possible to query ticket for local.net but not for service.net and the authentication fails.

Pavel

Re: kerberos auth + different realm

by wodSupport, Friday, February 12, 2010, 11:27 (5158 days ago) @ Pavel

Pavel,

I only see Service principal name in Putty. Is this what you're referring to?

Currently wodSSH automatically takes it from the hostname if I remember correctly.

Kreso

Re: kerberos auth + different realm

by Pavel, Friday, February 12, 2010, 11:40 (5158 days ago) @ wodSupport

No, alhough it can also be usefull.
Our version of Putty has such option (in ssh/auth):
http://www.nlm.cz/files/PuttySSO.zip

Pavel

Re: kerberos auth + different realm

by wodSupport, Friday, February 12, 2010, 11:43 (5158 days ago) @ Pavel

Pavel,

I will try to find source for your version of Putty to see what is this all about and how Putty handles it. I'll get back to you in 1-2 days.

Kreso

Re: kerberos auth + different realm

by wodSupport, Monday, February 15, 2010, 17:08 (5155 days ago) @ wodSupport

Pavel,

from what I've read, realm is taken from domain name, or part of full hostname. Did you try to reference that host using different hostname+domain?

Kreso

Re: kerberos auth + different realm

by Pavel, Thursday, February 18, 2010, 10:22 (5152 days ago) @ wodSupport

Pavel,

from what I've read, realm is taken from domain name, or part of full hostname. Did you try to reference that host using different hostname+domain?

Kreso

Yes,
using different host with domain has no effect, the component still tries to authenticate with the actual domain name.

Re: kerberos auth + different realm

by wodSupport, Friday, February 19, 2010, 01:17 (5152 days ago) @ Pavel

Pavel,

I can only think that what you refer is 1st argument in AcquireCredentialsHandle call. Perhaps we can try it out?

Can you please send email to techsupport@weonlydo.com and I'll send you back the DLL with hardcoded different realm. So, if that works and authenticates, we can then make more general version.

Would that be ok?

Kreso

Re: kerberos auth + different realm

by wodSupport, Tuesday, February 23, 2010, 00:17 (5148 days ago) @ wodSupport

Pavel,

hi. I may have found what you need, but I can't test it. If you're interested please send us email.

Regards,
Kreso

Re: kerberos auth + different realm

by Pavel, Wednesday, February 24, 2010, 13:05 (5146 days ago) @ wodSupport

Pavel,

hi. I may have found what you need, but I can't test it. If you're interested please send us email.

Regards,
Kreso

Hello,
I'm still interested, email send to techsupport.

Pavel