kerberos auth + different realm (wodSSH / wodSSH.NET)
by pavel, Tuesday, February 09, 2010, 13:47 (5402 days ago)
Hello,
We are testing your library with gssapi authentication. The first test are positive but one our server needs different realm (other than used by default) specified in order to authenticate.
How we can specify that using your library?
Re: kerberos auth + different realm
by wodDamir, Tuesday, February 09, 2010, 14:49 (5402 days ago) @ pavel
Pavel,
Can you do that in i.e. Putty? If so, how do you specify the Realm there? Can you perhaps provide us an example of that process?
Regards,
Damba
Re: kerberos auth + different realm
by Pavel, Friday, February 12, 2010, 11:07 (5399 days ago) @ wodDamir
Pavel,
Can you do that in i.e. Putty? If so, how do you specify the Realm there? Can you perhaps provide us an example of that process?
Regards,
Damba
Sorry for the delay.
Yes, it is possible to specify realm in the Putty.
Typical usage:
Your domain is local.net but server with service you are trying to connect is in different domain service.net
Using component it is possible to query ticket for local.net but not for service.net and the authentication fails.
Pavel
Re: kerberos auth + different realm
by wodSupport, Friday, February 12, 2010, 11:27 (5399 days ago) @ Pavel
Pavel,
I only see Service principal name in Putty. Is this what you're referring to?
Currently wodSSH automatically takes it from the hostname if I remember correctly.
Kreso
Re: kerberos auth + different realm
by Pavel, Friday, February 12, 2010, 11:40 (5399 days ago) @ wodSupport
No, alhough it can also be usefull.
Our version of Putty has such option (in ssh/auth):
http://www.nlm.cz/files/PuttySSO.zip
Pavel
Re: kerberos auth + different realm
by wodSupport, Friday, February 12, 2010, 11:43 (5399 days ago) @ Pavel
Pavel,
I will try to find source for your version of Putty to see what is this all about and how Putty handles it. I'll get back to you in 1-2 days.
Kreso
Re: kerberos auth + different realm
by wodSupport, Monday, February 15, 2010, 17:08 (5396 days ago) @ wodSupport
Pavel,
from what I've read, realm is taken from domain name, or part of full hostname. Did you try to reference that host using different hostname+domain?
Kreso
Re: kerberos auth + different realm
by Pavel, Thursday, February 18, 2010, 10:22 (5393 days ago) @ wodSupport
Pavel,
from what I've read, realm is taken from domain name, or part of full hostname. Did you try to reference that host using different hostname+domain?
Kreso
Yes,
using different host with domain has no effect, the component still tries to authenticate with the actual domain name.
Re: kerberos auth + different realm
by wodSupport, Friday, February 19, 2010, 01:17 (5392 days ago) @ Pavel
Pavel,
I can only think that what you refer is 1st argument in AcquireCredentialsHandle call. Perhaps we can try it out?
Can you please send email to techsupport@weonlydo.com and I'll send you back the DLL with hardcoded different realm. So, if that works and authenticates, we can then make more general version.
Would that be ok?
Kreso
Re: kerberos auth + different realm
by wodSupport, Tuesday, February 23, 2010, 00:17 (5388 days ago) @ wodSupport
Pavel,
hi. I may have found what you need, but I can't test it. If you're interested please send us email.
Regards,
Kreso
Re: kerberos auth + different realm
by Pavel, Wednesday, February 24, 2010, 13:05 (5387 days ago) @ wodSupport
Pavel,
hi. I may have found what you need, but I can't test it. If you're interested please send us email.
Regards,
Kreso
Hello,
I'm still interested, email send to techsupport.
Pavel