Domain authentication used for kerberos based authentication of users on my server

Posted by J G on Server Fault See other posts from Server Fault or by J G
Published on 2011-06-30T12:35:32Z Indexed on 2011/07/01 0:23 UTC
Read the original article Hit count: 283

Filed under:

domain

|

authentication

|

kerberos

|

directory

Suppose a user process has authenticated itself against domain's directory server via kerberos, and then attempts opens a network socket to my server application.

My server application has a white-list of users from the domain directory server.

How does my server app authenticate the user from the directory based on this socket opening attempt?

(To keep things simple - let's say my server is written in Java, and the directory server is Active Directory)

EDIT My question is about how the client asks for an authentication token.

© Server Fault or respective owner

Related posts about domain

In WHM - Addon Domain Matches Primary Domain From Separate Account - I can't delete the addon domain

as seen on Server Fault - Search for 'Server Fault'
I have an account (domian1.com) with the an addon domain (domain2.com) that matches the primary domain (domain2.com) of a separate account. I believe it was created renaming the primary domain of the second account. I want to delete the addon domain from domain1.com. However when I try i get the error: … >>> More
Trust my work domain on a Dev Domain without a domain level password

as seen on Server Fault - Search for 'Server Fault'
I setup a virtual machine to host a dev version of TFS (to test plugins on). Getting a computer on my work domain requires large amounts of red tape and paperwork that I would rather not do. I created my own domain the the VM and I would like to trust all users from my work domain on that VM Domain… >>> More
NFS (with Kerberos) mount failing due to "Server not found in Kerberos database" error

as seen on Server Fault - Search for 'Server Fault'
When running: `sudo mount -t nfs4 -o sec=krb5 sol.domain.com:/ /mnt` I get this error on the client: mount.nfs4: access denied by server while mounting sol.domain.com:/ And on the server syslogs UNKNOWN_SERVER: authtime 0, nfs/mercury.domain.com@SOL.DOMAIN.COM for nfs/ip-#-#-#-#.ec2.internal@SOL… >>> More
Server 2003 on domain wont let domain user have local profile

as seen on Server Fault - Search for 'Server Fault'
I have a few servers that are acting in this behavior, you log in and always get put into a temporary profile. The server is licensed for TS. The user I am testing with has local admin rights so it doesn't seem to be a permission issue on the server. I'll first get a message that the users roaming… >>> More
Problem with redirecting *.domain.com & domain.com to www.domain.com for HTTPS

as seen on Stack Overflow - Search for 'Stack Overflow'
We have a site I'll call acme.com. Most of the time you see http://www.acme.com and sometimes we redirect you to https://www.acme.com. We want to redirect anyone going to http://acme.com or http://*.acme.com to http://www.acme.com, and the same for https. (It's mainly to avoid the alert you get if… >>> More

Related posts about authentication

Configuring Fed Authentication Methods in OIF / IdP

as seen on Oracle Blogs - Search for 'Oracle Blogs'
In this article, I will provide examples on how to configure OIF/IdP to map OAM Authentication Schemes to Federation Authentication Methods, based on the concepts introduced in my previous entry. I will show examples for the three protocols supported by OIF: SAML 2.0 SSO SAML… >>> More
windows authentication vs sql server authentication for asp.net forms authentication site

as seen on Stack Overflow - Search for 'Stack Overflow'
I have a database and a site having forms authentication. It is working fine with VS2008. This time, I am using "Trusted_connection =True". But when it is opened from outside or directly from browser then I am getting error "Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'." I know this is due… >>> More
Disable authentication on subfolder(s) of an ASP.NET app using windows authentication

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, Is it possible to disable windows authentication on one or more subfolders of an ASP.net application using windows authentication? >>> More
AutoCompleteExtender - authentication failure (forms authentication)

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm using the AutoCompleteExtender from the AJAX control toolkit on my aspx page - I have it wired up to a WCF service that is returning a string array and everything works happily. If I change my service definition to include a demand for the caller to be authenticated, like so: <OperationContract()… >>> More
Ruby on Rails , functionalities having twitter authentication and email authentication (autlogic and

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi Experts, I would like to ask your guidance on how to authenticate using email add/ the basic log-in while having also a twitter log-in, twitter authentication works fine but if having an alternative log-in like using basic sign-up and email log-in part wont work.... any ideas please...? >>> More