Git Product home page Git Product logo

kerberos-auth-example's Introduction

Kerberos proxy authentication example

This is the demonstration of authentication against kerberos-enabled proxy with Java's Krb5LoginModule.

Prerequisites

Kerberos

You need to have running kerberos authentication server. If you don't want to install your own Kerberos and just need something quick to try then you can use demo freeIPA server.

Proxy server

You need to have a proxy with kerberos authentication in place.

One such proxy is Squid - see Proxy Authentication for more details

Configuration

Update username and password in KerberosCallBackHandler and proxy host and/port in KerberosAuthExample.

If appropriate, you can also update configuration in login.conf file.

Running

Just run KerberosAuthExample main method. If everything works, you should see content of example.com in console.

proxy-vole

There's a great proxy-vole library which can be used for proxy configuration detection.

If you want, you can use it to detect system's proxy settings and use system-wide proxy instead of hard-coded one in KerberosAuthExample - just use appropriate proxy selector to retrieve proper proxy settings

// for java HTTP stuff
ProxySelector.setDefault(proxySearch.getProxySelector());

// for HTTP client, you have to set proper proxy router planner
...

kerberos-auth-example's People

Contributors

jumarko avatar

Stargazers

Kapil Shirsath avatar IchEsUberIch avatar Benshan Mei avatar avatar DAPENG WANG avatar Yang Yu avatar GAURAV avatar Ferran Altimiras avatar avatar Jeljeli Hamza avatar

Watchers

James Cloos avatar avatar avatar

Forkers

prussia kiranm516 harschware bnl0106 bhunsicker cquoss yangxianrui lggomezsf

kerberos-auth-example's Issues

NTLM Authentication

Hello,
This is not really an issue with this library as such, we just wanted to check how can this code be modified so that it uses NTLM authentication underneath.

We have set up a SQUID proxy server with Kerberos, but apparently, it always falls back to NTLM authentication when we route traffic to internet through it via a web browser. We concluded that looking at SQUID log files. Though we can potentially fix configuration issue, assuming there is one, we also wanted to make sure, we are able to write code for a proxy which solely uses NTLM authentication.

We tried modifying

Registry<AuthSchemeProvider> authSchemeRegistry = 
        		RegistryBuilder.<AuthSchemeProvider>create().register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory(true)).build();

TO

Registry<AuthSchemeProvider> authSchemeRegistry = 
        		RegistryBuilder.<AuthSchemeProvider>create().register(AuthSchemes.NTLM, new NTLMSchemeFactory()).build();

but we get this error
WARNING: Authentication scheme Negotiate not supported

We tried a lot of different things, but code always tried Kerberos authentication and then it fails with 407 Proxy Authentication needed error.

regards, Yogesh

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.