x509 - Kerberos test using kinit with no password (cert auth) -


i did extensive search before posting q.

we have kerb setup working fine users our internal portal. few users getting following error:

"failed create delegated gssapi token on behalf of http/ssologon.xxx.xxx.xx.com@xxx.xxx.xx.com service@hostname.xxx.xxx.xx.com: minor status=-1765328230, major status=851968, message=cannot find kdc requested realm]"

i can test kerb setup fine server side using kinit using keytab file etc.

issue/q how test same workstations/client pc exhibiting above error.

i use kinit or kinit principal-name prompts password. have disabled passwords authentication , use x509 certs/access card login our pcs/domain.

so, how use kinit or equiv. test kerberos domain workstation using cli , cert authentication.

i have seen kinit -x option not available on jdk1.7/1.8 in win 7 seems. pkinit (mit kerberos) option seems more used web server kdc authentication.

thank in advance , appreciate community's time , effort.

---- additional info 1----

btw, had user purge tickets - klist purge , had try accessing sso site (protected using iwa kerb) , verified issued kerb ticket

5 client: xxjdoe @ xxx.xx.xxx

    server: http/ssologon.xxx.xxx.xx.xx @ xxx.xxx.xx.xxx     kerbticket encryption type: rsadsi rc4-hmac(nt)     ticket flags 0x40a40000 -> forwardable renewable pre_authent ok_as_delegate     start time: 4/7/2017 13:54:59 (local)     end time:   4/7/2017 23:54:48 (local)     renew time: 4/14/2017 13:54:48 (local)     session key type: rsadsi rc4-hmac(nt)

-------- end 1 ---------------


Comments

Post a Comment

Popular posts from this blog

Command prompt result in label. Python 2.7 -

i want put result(output) of shell command label. command works, label shows "0", however, in command prompt, result shown correctly, need showed in label. doing ubuntu. myg1 = button(root, text="rodyti informacija", command=lambda: gauti()) myg1.pack(side=bottom) def gauti(): imti = tekstas.get("1.0", "end-1c") info = subprocess.call("id '{imti}' ".format(imti=imti), shell=true) w = label(root, text= info) w.pack(side = bottom) subprocess.call() returns exit code of process created (in case 0 success). if want text output of process, should instead call subprocess.check_output() .
Read more

javascript - How do I use URL parameters to change link href on page? -

i change href value of link using url parameters. example: default <a id="dlink" href="link-1">link</a> but, when user goes https://url.com/?dlink=link-2 it swaps out link new link <a id="dlink" href="link-2">link</a> first need value url. if you're not using javascript framework can create function using jquery. please check get url parameter jquery or how query string values in js it. after that, element "a" id , set value there. $("#dlink").attr("href", hreffromparam);
Read more

amazon web services - AWS Route53 Trying To Get Site To Resolve To www -

so have domain nameservers pointed aws route 53. site hosted on ec2 instance , reachable resolves site.com, if input www.site.com. i'm curious how site resolve www.site.com. have under route53 domains hosted zone 2 additional record sets outside of ns , soa: a site.com ec2 elastic ip cname www.site.com ec2 public dns i can reach site using both site.com , www.site.com, resolve site.com. there way make if enter either, resolves www.site.com? at first, both should record set. a site.com ec2 elastic ip www.site.com ec2 elastic ip and need redirect setting in web server (nginx, apache, ..) following. (source: how redirect www non-www nginx on centos 7 ) redirect non-www www if want redirect users plain, non-www domain www domain, add server block: server { server_name example.com; return 301 $scheme://www.example.com$request_uri; } save , exit. configures nginx redirect requests "example.com" "www.example.com". not
Read more