collared-kerberos | helper classes and an example

 by   tellisnz Java Version: Current License: Apache-2.0

kandi X-RAY | collared-kerberos Summary

kandi X-RAY | collared-kerberos Summary

collared-kerberos is a Java library. collared-kerberos has no bugs, it has no vulnerabilities, it has build file available, it has a Permissive License and it has low support. You can download it from GitLab, GitHub.

The Kerberos Double Hop problem occurs when you have a kerberised service 'A' that needs to talk to another kerberised service 'B' on behalf of a user. Service A can not by default request a new service ticket for service B without constrained delegation (or protocol transition). A good write up can be found here.
Support
    Quality
      Security
        License
          Reuse

            kandi-support Support

              collared-kerberos has a low active ecosystem.
              It has 9 star(s) with 1 fork(s). There are 2 watchers for this library.
              OutlinedDot
              It had no major release in the last 6 months.
              There are 1 open issues and 1 have been closed. On average issues are closed in 15 days. There are no pull requests.
              It has a neutral sentiment in the developer community.
              The latest version of collared-kerberos is current.

            kandi-Quality Quality

              collared-kerberos has no bugs reported.

            kandi-Security Security

              collared-kerberos has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.

            kandi-License License

              collared-kerberos is licensed under the Apache-2.0 License. This license is Permissive.
              Permissive licenses have the least restrictions, and you can use them in most projects.

            kandi-Reuse Reuse

              collared-kerberos releases are not available. You will need to build from source code and install.
              Build file is available. You can build the component from source.
              Installation instructions are available. Examples and code snippets are not available.

            Top functions reviewed by kandi - BETA

            kandi's functional review helps you automatically verify the functionalities of the libraries and avoid rework.
            Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of collared-kerberos
            Get all kandi verified functions for this library.

            collared-kerberos Key Features

            No Key Features are available at this moment for collared-kerberos.

            collared-kerberos Examples and Code Snippets

            No Code Snippets are available at this moment for collared-kerberos.

            Community Discussions

            No Community Discussions are available at this moment for collared-kerberos.Refer to stack overflow page for discussions.

            Community Discussions, Code Snippets contain sources that include Stack Exchange Network

            Vulnerabilities

            No vulnerabilities reported

            Install collared-kerberos

            File -> Preferences -> Network -> Host-only Networks. Make sure there is an adapter.
            Edit it and note down the address.
            Some people get this working using static IPs for the following hosts, but I used a DHCP server and made sure the hosts always got the same IP.
            Download an evaluation Windows Server 2012 R2 from here
            In virtualbox, click new.
            Give your server a good name, leave the defaults, and click create.
            Right click your new server, click on settings, and click on Storage. Click the 'Empty' disk in the 'Storage Tree' section, then click the disc on the far right. Select Choose Virtual Optical Disk File and then find where you downloaded your ISO and select it.
            Click on Network, Adapter 2, Enable Network Adapter. Select Host-Only Adapter in the Attached to drop down and click OK.
            Double click to power it up. Go through the install process making sure to select 'Windows Server 2012 R2 Standard Evaluation (Server with a GUI)'. Do a 'Custom' install and finish up the install.
            After install, give it a password and log in.
            Open up the Server Manager, and click Add Roles and Features. Next, Next, Next. Select Active Directory Domain Services and DNS Server. Next through to the end. You may get a warning about not having a static IP - I couldn't quite figure out how to do this and it worked with DHCP so I left it. Install and then close.
            Click on the orange exclaimation mark and click promote this server to Domain Controller. Select add a new forest and give it a name, e.g. MYCOOLDOMAIN.COM
            Next through the rest of the options and Install. Server will restart.
            Once the server has restarted click start, start typing active and then open Active Directory Users and Groups. Expand your domain and click on Managed Service Accounts. Right click in the white space and click new -> User.
            Give a name for your delegating service like MYCOOLSERVICE and type the same in the User Login Name. Click next and then untick User must change password on next login and tick password never expires and then create.
            Repeat above for another user called DOWNSTREAM - this will be our downstream kerberised service B.
            Repeat above for our end user, e.g. Tom. This will be the user that logs into Windows and uses a browser to call our first kerberised service.
            Create a SPNEGO service principal name (SPN) for MYCOOLSERVICE by opening powershell and running setspn -s HTTP/mycoolservice.mycooldomain.com MYCOOLSERVICE.
            Create a Keytab for the service by running ktpass -out C:\Users\Administrator\mycoolservice.keytab -princ HTTP/mycoolservice.mycooldomain.com@MYCOOLDOMAIN.COM -mapUser MYCOOLSERVICE -mapOp set +rndpass -crypto RC4-HMAC-NT -pType KRB5_NT_PRINCIPAL.
            Add the MYCOOLSERVICE user principal to the keytab using the command ktpass -in C:\Users\Administrator\mycoolservice.keytab -out C:\Users\Administrator\mycoolservice.keytab -princ MYCOOLSERVICE@MYCOOLDOMAIN.COM -mapUser MYCOOLSERVICE -mapOp set +rndpass -crypto RC4-HMAC-NT -pType KRB5_NT_PRINCIPAL. Ignore the warning.
            Repeat the above for the DOWNSTREAM service, but this time for the SPNEGO principal use HTTP/downstream.mycooldomain.com (although for this example you just need the SPNEGO SPN).
            Configure constrained delegation for the MYCOOLSERVICE user by going back to Active Directory Users and Computers and clicking View -> Advanced Features. Right click on the MYCOOLSERVICE user and click properties. There is now a Delegation tab. Click it and click Trust the user for delegation to specified services only. Click Users or Computers and type downstream and check names and then OK. Select the HTTP downstream.mycooldomain.com service and click OK and OK.
            Get the keytabs of the server for later, e.g. with a share or something.
            Download Ubuntu from here.
            Follow the process as above for creating the virtualbox image.
            Install Ubuntu.
            Get the mycoolservice keytab and place on server.
            Install jdk8 and krb5-workstation.
            Configure krb5.conf.
            Configure NTP and Hosts.
            Clone collared kerberos example projects.
            Configure projects.
            Build and start them.
            Create another Virtualbox Unbutu VM as in the Gateway/Hop one above.
            Get downstream keytab and place on server.
            Install krb5-workstation.
            Configure krb5.conf.
            Configure NTP and Hosts.
            Clone the hadoop-auth example from here.
            Configure as per hadoop auth example instructions to point to downstream principal and keytab.
            Build hadoop auth example
            Download apache Tomcat and extract and start it.
            Put built web app in webapps.
            Get a Windows VM from here
            As per the other virtualbox VMs, create one for Windows.
            Log in as end user.
            Add it to mycooldomain.com.
            Edit IE settings to supply user/password.
            Go to http://mycoolservice.mycooldomain.com:8080/ - If everything works the service should say you're Tom/whatever your end user you set up was.

            Support

            For any new features, suggestions and bugs create an issue on GitHub. If you have any questions check and ask questions on community page Stack Overflow .
            Find more information at:

            Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items

            Find more libraries
            CLONE
          • HTTPS

            https://github.com/tellisnz/collared-kerberos.git

          • CLI

            gh repo clone tellisnz/collared-kerberos

          • sshUrl

            git@github.com:tellisnz/collared-kerberos.git

          • Stay Updated

            Subscribe to our newsletter for trending solutions and developer bootcamps

            Agree to Sign up and Terms & Conditions

            Share this Page

            share link

            Consider Popular Java Libraries

            CS-Notes

            by CyC2018

            JavaGuide

            by Snailclimb

            LeetCodeAnimation

            by MisterBooo

            spring-boot

            by spring-projects

            Try Top Libraries by tellisnz

            terraform-aws

            by tellisnzTypeScript

            tellisnz.github.io

            by tellisnzHTML

            kotlin-fizzbuzz

            by tellisnzKotlin