Re: Setting up the KDC ldap backend

2019-02-06 Thread John Byrne
doesn't exist, but anyway I created a ldif file like this: dn: dc=example,dc=com objectClass: domain And after running ldapmodify on that, I was able to finish creating the krb5 database. Thanks, John On Wed, Feb 6, 2019 at 12:21 PM John Byrne wrote: > Thanks for the replies. I had found

Constrained Delegation error "KDC policy rejects request"

2019-02-06 Thread John Byrne
Hi, I've set up a KDC using LDAP as the backend (krb5 1.15.1 on CentOS 7), and I'm trying to perform constrained delegation. However, I'm getting this error from the KDC when the intermediate service calls the step() function on the security context: "KDC policy rejects request" Here's the KDC

Re: Setting up the KDC ldap backend

2019-02-06 Thread John Byrne
tps://community.hortonworks.com/articles/199542/configuring-kerberos-with-openldap-back-end.html > > On Tue, Feb 5, 2019 at 1:33 PM John Byrne wrote: > >> Hi, >> >> I'm trying to set up the KDC with the LDAP plugin. I've been using: >> >> https://web.mi

Setting up the KDC ldap backend

2019-02-05 Thread John Byrne
Hi, I'm trying to set up the KDC with the LDAP plugin. I've been using: https://web.mit.edu/kerberos/krb5-latest/doc/admin/conf_ldap.html and https://web.mit.edu/kerberos/krb5-latest/doc/admin/advanced/ldapbackend.html#ldap-be-ubuntu as references (I'm not using Ubuntu, I'm using CentOS 7 but

Re: Constrained Delegation error "KDC policy rejects request"

2019-02-06 Thread John Byrne
it on and off for that intermediate service via kadmin, using the ok_to_auth_as_delegate flag. Thanks again to everyone who replied to my other threads on this! References: http://kerberos.996246.n3.nabble.com/ACL-for-Constrained-Delegation-td39665.html -John On Wed, Feb 6, 2019 at 3:49 PM John

Confusion about delegation

2019-01-31 Thread John Byrne
Hi, I'm confused about a couple of points regarding delegation - could anyone help to educate me please? I am trying to perform a constrained delegation authentication with a web application. The user authenticates to a web application (principal HTTP/www.example.com) and that web application

Re: Confusion about delegation

2019-02-01 Thread John Byrne
/31/19 1:32 PM, John Byrne wrote: > > The client_ctx.step() call returns this error: gssapi.raw.misc.GSSError: > > Major (851968): Unspecified GSS failure. Minor code may provide more > > information, Minor (2529639053): Matching credential not found > > This is a bad error m

Re: Using Kerberos on PYTHON

2020-10-11 Thread John Byrne
Hi, You need a python binding for MIT Kerberos. I've had success with python-gssapi (https://pypi.org/project/python-gssapi/). -John On Fri, Oct 9, 2020 at 1:50 PM Luciano Custodio wrote: > Hi, > > I am writing a program in python to put a message in a kafka topic. > > I need to connect