private String generateTicket() throws GSSException { final GSSManager manager = GSSManager.getInstance(); // Oid for kerberos principal name Oid krb5PrincipalOid = new Oid("1.2.840.113554.1.2.2.1"); Oid KERB_V5_OID = new Oid("1.2.840.113554.1.2.2"); final GSSName clientName = manager.createName(principal, krb5PrincipalOid); final GSSCredential clientCred = manager.createCredential(clientName, 8 * 3600, KERB_V5_OID, GSSCredential.INITIATE_ONLY); final GSSName serverName = manager.createName(principal, krb5PrincipalOid); final GSSContext context = manager.createContext(serverName, KERB_V5_OID, clientCred, GSSContext.DEFAULT_LIFETIME); context.requestMutualAuth(true); context.requestConf(false); context.requestInteg(true); final byte[] outToken = context.initSecContext(new byte[0], 0, 0); StringBuffer outputBuffer = new StringBuffer(); outputBuffer.append("Negotiate "); outputBuffer.append(Bytes.toString(Base64.getEncoder().encode(outToken))); System.out.print("Ticket is: " + outputBuffer); return outputBuffer.toString(); }
public static byte[] initiateSecurityContext(Subject subject, String servicePrincipalName) throws GSSException { GSSManager manager = GSSManager.getInstance(); GSSName serverName = manager.createName(servicePrincipalName, GSSName.NT_HOSTBASED_SERVICE); final GSSContext context = manager.createContext(serverName, krb5Oid, null, GSSContext.DEFAULT_LIFETIME); // The GSS context initiation has to be performed as a privileged action. return Subject.doAs(subject, (PrivilegedAction<byte[]>)() -> { try { byte[] token = new byte[0]; // This is a one pass context initialization. context.requestMutualAuth(false); context.requestCredDeleg(false); return context.initSecContext(token, 0, token.length); } catch (GSSException e) { log.error(Util.getMessage("Krb5TokenKerberosContextProcessingException"),e); return null; } }); }
gssContext.requestMutualAuth(true); gssContext.requestCredDeleg(true);
INDEFINITE_LIFETIME); result.requestMutualAuth(true); result.requestConf(true); result.requestInteg(true);
INDEFINITE_LIFETIME); result.requestMutualAuth(true); result.requestConf(true); result.requestInteg(true);
@Override public GSSContext run() throws GSSException { GSSName clientName = manager.createName(params.getUsername(), GSSName.NT_USER_NAME); GSSCredential clientCreds = manager.createCredential(clientName, GSSContext.DEFAULT_LIFETIME, selectedOid, GSSCredential.INITIATE_ONLY); GSSName peerName = manager.createName("host@" + params.getTransport().getRemoteHost(), GSSName.NT_HOSTBASED_SERVICE); GSSContext context = manager.createContext(peerName, selectedOid, clientCreds, GSSContext.DEFAULT_LIFETIME); context.requestMutualAuth(true); context.requestInteg(true); return context; } }
@Override public String run() throws Exception { // This Oid for Kerberos GSS-API mechanism. Oid mechOid = new Oid("1.2.840.113554.1.2.2"); // Oid for kerberos principal name Oid krb5PrincipalOid = new Oid("1.2.840.113554.1.2.2.1"); GSSManager manager = GSSManager.getInstance(); // GSS name for server GSSName serverName = manager.createName(serverPrincipal, krb5PrincipalOid); // Create a GSSContext for authentication with the service. // We're passing client credentials as null since we want them to be read from the Subject. GSSContext gssContext = manager.createContext(serverName, mechOid, null, GSSContext.DEFAULT_LIFETIME); gssContext.requestMutualAuth(false); // Establish context byte[] inToken = new byte[0]; byte[] outToken = gssContext.initSecContext(inToken, 0, inToken.length); gssContext.dispose(); // Base64 encoded and stringified token for server return new String(base64codec.encode(outToken)); } }
public byte[] run() throws UnknownHostException, ClassNotFoundException, GSSException, IllegalAccessException, NoSuchFieldException { GSSManager gssManager = GSSManager.getInstance(); String servicePrincipal = KerberosUtil.getServicePrincipal("HTTP", authServer); Oid serviceOid = KerberosUtil.getOidInstance("NT_GSS_KRB5_PRINCIPAL"); GSSName serviceName = gssManager.createName(servicePrincipal, serviceOid); Oid mechOid = KerberosUtil.getOidInstance("GSS_KRB5_MECH_OID"); GSSContext gssContext = gssManager.createContext(serviceName, mechOid, null, 0); gssContext.requestCredDeleg(true); gssContext.requestMutualAuth(true); return gssContext.initSecContext(input, 0, input.length); }
gssContext = manager.createContext(serverName.canonicalize(mechOid), mechOid, null, GSSContext.DEFAULT_LIFETIME); gssContext.requestMutualAuth(true); gssContext.requestCredDeleg(true);
myCred, GSSContext.DEFAULT_LIFETIME); gssContext.requestMutualAuth(true); gssContext.requestCredDeleg(true); } catch (GSSException ex) { gssContext = manager.createContext(serverName.canonicalize(negotiationOid), negotiationOid, null, GSSContext.DEFAULT_LIFETIME); gssContext.requestMutualAuth(true); gssContext.requestCredDeleg(true);
boolean requestMutualAuth = serverAuth || mayRequireSecurityLayer; saslGssapi.tracef("Setting requering mutual authentication to %b", requestMutualAuth); gssContext.requestMutualAuth(requestMutualAuth);
gssContext.requestMutualAuth(true); // Required } catch (GSSException e) { throw saslGs2.mechUnableToSetGssContextRequestFlags(e).toSaslException();
secContext.requestMutualAuth(true);
secContext.requestMutualAuth(true);
GSSManager manager = GSSManager.getInstance(); GSSName clientName = manager.createName("clientUser", GSSName.NT_USER_NAME); GSSCredential clientCred = manager.createCredential(clientName, 8 * 3600, createKerberosOid(), GSSCredential.INITIATE_ONLY); GSSName serverName = manager.createName("http@server", GSSName.NT_HOSTBASED_SERVICE); GSSContext context = manager.createContext(serverName, createKerberosOid(), clientCred, GSSContext.DEFAULT_LIFETIME); context.requestMutualAuth(true); context.requestConf(false); context.requestInteg(true); byte[] outToken = context.initSecContext(new byte[0], 0, 0); System.out.println(new BASE64Encoder().encode(outToken)); context.dispose();
serverName.canonicalize(negotiationOid), negotiationOid, null, GSSContext.DEFAULT_LIFETIME); gssContext.requestMutualAuth(true); gssContext.requestCredDeleg(true); } catch (GSSException ex) { serverName.canonicalize(negotiationOid), negotiationOid, null, GSSContext.DEFAULT_LIFETIME); gssContext.requestMutualAuth(true); gssContext.requestCredDeleg(true);
GSSContext createDelegatingGSSContext(final GSSManager manager, final Oid oid, final GSSName serverName, final GSSCredential gssCredential) throws GSSException { final GSSContext gssContext = manager.createContext(serverName.canonicalize(oid), oid, gssCredential, GSSContext.DEFAULT_LIFETIME); gssContext.requestMutualAuth(true); gssContext.requestCredDeleg(true); return gssContext; } }
public byte[] run() throws GSSException { final byte[] token = new byte[0]; // This is a one pass context initialization. context.requestMutualAuth(false); context.requestCredDeleg(false); return context.initSecContext(token, 0, token.length); } });
public byte[] run() throws UnknownHostException, ClassNotFoundException, GSSException, IllegalAccessException, NoSuchFieldException { GSSManager gssManager = GSSManager.getInstance(); String servicePrincipal = KerberosUtil.getServicePrincipal("HTTP", authServer); Oid serviceOid = KerberosUtil.getOidInstance("NT_GSS_KRB5_PRINCIPAL"); GSSName serviceName = gssManager.createName(servicePrincipal, serviceOid); Oid mechOid = KerberosUtil.getOidInstance("GSS_KRB5_MECH_OID"); GSSContext gssContext = gssManager.createContext(serviceName, mechOid, null, 0); gssContext.requestCredDeleg(true); gssContext.requestMutualAuth(true); return gssContext.initSecContext(input, 0, input.length); }
@Override public GSSContext run() throws GSSException { GSSName clientName = manager.createName(params.getUsername(), GSSName.NT_USER_NAME); GSSCredential clientCreds = manager.createCredential(clientName, GSSContext.DEFAULT_LIFETIME, selectedOid, GSSCredential.INITIATE_ONLY); GSSName peerName = manager.createName("host@" + params.getTransport().getRemoteHost(), GSSName.NT_HOSTBASED_SERVICE); GSSContext context = manager.createContext(peerName, selectedOid, clientCreds, GSSContext.DEFAULT_LIFETIME); context.requestMutualAuth(true); context.requestInteg(true); return context; } }