kerberos auth + different realm (wodSSH / wodSSH.NET)

Hello,
We are testing your library with gssapi authentication. The first test are positive but one our server needs different realm (other than used by default) specified in order to authenticate.
How we can specify that using your library?

Pavel,

Can you do that in i.e. Putty? If so, how do you specify the Realm there? Can you perhaps provide us an example of that process?

Regards,
Damba

Pavel,

Can you do that in i.e. Putty? If so, how do you specify the Realm there? Can you perhaps provide us an example of that process?

Regards,
Damba

Sorry for the delay.
Yes, it is possible to specify realm in the Putty.
Typical usage:
Your domain is local.net but server with service you are trying to connect is in different domain service.net
Using component it is possible to query ticket for local.net but not for service.net and the authentication fails.

Pavel

Pavel,

I only see Service principal name in Putty. Is this what you're referring to?

Currently wodSSH automatically takes it from the hostname if I remember correctly.

Kreso

No, alhough it can also be usefull.
Our version of Putty has such option (in ssh/auth):
http://www.nlm.cz/files/PuttySSO.zip

Pavel

Pavel,

I will try to find source for your version of Putty to see what is this all about and how Putty handles it. I'll get back to you in 1-2 days.

Kreso

Pavel,

from what I've read, realm is taken from domain name, or part of full hostname. Did you try to reference that host using different hostname+domain?

Kreso

Pavel,

from what I've read, realm is taken from domain name, or part of full hostname. Did you try to reference that host using different hostname+domain?

Kreso

Yes,
using different host with domain has no effect, the component still tries to authenticate with the actual domain name.

Pavel,

I can only think that what you refer is 1st argument in AcquireCredentialsHandle call. Perhaps we can try it out?

Can you please send email to techsupport@weonlydo.com and I'll send you back the DLL with hardcoded different realm. So, if that works and authenticates, we can then make more general version.

Would that be ok?

Kreso

Pavel,

hi. I may have found what you need, but I can't test it. If you're interested please send us email.

Regards,
Kreso

Pavel,

hi. I may have found what you need, but I can't test it. If you're interested please send us email.

Regards,
Kreso

Hello,
I'm still interested, email send to techsupport.

Pavel