  • SASL

    10,000+ views 2012-01-10 10:09:10

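    The LDAP v3 protocol uses SASL to support pluggable authentication. This means that the LDAP client and server can be configured to negotiate and use authentication mechanisms that may be nonstandard and/or customized, depending on the level of protection desired by the client and the server. The LDAP v2 protocol does not support SASL.

    Several SASL mechanisms are currently defined:

    SASL Mechanisms Supported by LDAP Servers

    Of the mechanisms in the previous list, popular LDAP servers (such as those from OpenLDAP, Oracle, and Microsoft) support External, DIGEST-MD5, and Kerberos V5. RFC 2829 proposes the use of DIGEST-MD5 as the mandatory default mechanism for LDAP v3 servers.

    Here is a simple program for finding out the list of SASL mechanisms that an LDAP server supports.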

    // Create the initial context
    DirContext ctx = new InitialDirContext();

    // Read supportedSASLMechanisms from the root DSE
    Attributes attrs = ctx.getAttributes(
        "ldap://localhost:389", new String[]{"supportedSASLMechanisms"});

    Here is the output produced by running this program against a server that supports the External SASL mechanism.

    {supportedsaslmechanisms=supportedSASLMechanisms: EXTERNAL, GSSAPI, DIGEST-MD5}
    

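    Specifying the Authentication Mechanism

    To use a particular SASL mechanism, you specify its Internet Assigned Numbers Authority (IANA)-registered mechanism name in the Context.SECURITY_AUTHENTICATION environment property. You can also specify a list of mechanisms for the LDAP provider to try. This is done by specifying an ordered list of space-separated mechanism names. The LDAP provider will use the first mechanism for which it finds an implementation.

    Here is an example that asks the LDAP provider to try to get the implementation for the DIGEST-MD5 mechanism and, if that is not available, to use the one for GSSAPI.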

    env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5 GSSAPI");

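    You might get this list of authentication mechanisms from the user of your application, or you might get it by asking the LDAP server through a call similar to the one shown previously. The LDAP provider itself does not consult the server for this information. It simply attempts to locate and use an implementation of the specified mechanisms.

    The LDAP provider in the platform has built-in support for the DIGEST-MD5 and GSSAPI (Kerberos V5) SASL mechanisms. You can add support for additional mechanisms.

    Specifying Input for the Authentication Mechanism

    Some mechanisms, such as External, require no additional input: the mechanism name alone is sufficient for the authentication to proceed. The External example shows how to use the External SASL mechanism.

    Most other mechanisms require some additional input. The type of input varies with the mechanism. The following are some common inputs required by mechanisms.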

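    • Authentication ID. The identity of the entity performing the authentication.
    • Authorization ID. The identity of the entity for which access control checks should be made if the authentication succeeds.
    • Authentication credentials. For example, a password or a key.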

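    The authentication and authorization IDs might differ if the program (such as a proxy server) is authenticating on behalf of another entity. The authentication ID is specified by using the Context.SECURITY_PRINCIPAL environment property. It is of type java.lang.String.

    The password/key of the authentication ID is specified by using the Context.SECURITY_CREDENTIALS environment property. It is of type java.lang.String, char array (char[]), or byte array (byte[]). If the password is a byte array, it is transformed into a char array by using the UTF-8 encoding.

    If the "java.naming.security.sasl.authorizationId" property has been set, its value is used as the authorization ID. Its value must be of type java.lang.String. By default, the empty string is used as the authorization ID, which directs the server to derive the authorization ID from the client's authentication credentials.

    The DIGEST-MD5 example shows how to use the Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS properties for DIGEST-MD5 authentication.

    If a mechanism requires input other than those already described, you need to define a callback object for the mechanism to use; see the callback example in the JNDI Tutorial. The next part of this lesson discusses how to use the SASL DIGEST-MD5 authentication mechanism. SASL policies, GSS API (Kerberos V5), and the CRAM-MD5 mechanism are covered in the JNDI Tutorial.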
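
    Added example (not from the original article or the JNDI Tutorial): because the LDAP provider never asks the server which mechanisms it supports, this program reads supportedSASLMechanisms from the root DSE, keeps only the mechanisms on a client-side accepted list, and binds with the inputs described above. The class name SaslBind, the ACCEPTED policy and the command-line argument are assumptions; GSSAPI also needs client-side Kerberos configuration that is not shown.

    ```java
    import java.util.*;
    import javax.naming.*;
    import javax.naming.directory.*;
    public class SaslBind {
        // Assumed client policy, in the order of the page's example; anything else is refused.
        static final List<String> ACCEPTED = List.of("DIGEST-MD5", "GSSAPI");

        // Read supportedSASLMechanisms from the root DSE, as in the page's snippet.
        static Set<String> advertised(String url) throws NamingException {
            DirContext ctx = new InitialDirContext();
            try {
                Attribute a = ctx.getAttributes(url, new String[]{"supportedSASLMechanisms"})
                                 .get("supportedSASLMechanisms");
                Set<String> mechs = new HashSet<>();
                if (a != null) {
                    for (NamingEnumeration<?> e = a.getAll(); e.hasMore(); ) {
                        mechs.add(e.next().toString().toUpperCase(Locale.ROOT));
                    }
                }
                return mechs;
            } finally { ctx.close(); }
        }

        // Build the space-separated list: accepted mechanisms the server offers, in policy order.
        static String choose(Set<String> offered) {
            StringJoiner list = new StringJoiner(" ");
            for (String m : ACCEPTED) if (offered.contains(m)) list.add(m);
            if (list.length() == 0) throw new IllegalStateException("no accepted SASL mechanism offered");
            return list.toString();
        }

        public static void main(String[] args) throws NamingException {
            String url = "ldap://localhost:389";                 // URL from the page's snippet
            java.io.Console con = System.console();
            if (args.length != 1 || con == null) throw new IllegalArgumentException("usage: SaslBind <authentication-id> (run from a terminal)");
            char[] secret = con.readPassword("Password: ");
            Hashtable<String, Object> env = new Hashtable<>();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, url);
            env.put(Context.SECURITY_AUTHENTICATION, choose(advertised(url)));
            env.put(Context.SECURITY_PRINCIPAL, args[0]);        // authentication ID
            env.put(Context.SECURITY_CREDENTIALS, secret);       // char[] rather than String
            // java.naming.security.sasl.authorizationId is left unset (default: empty string).
            try {
                new InitialDirContext(env).close();              // creating the context performs the bind
                System.out.println("Bound using one of: " + env.get(Context.SECURITY_AUTHENTICATION));
            } finally { Arrays.fill(secret, '\0'); }             // wipe our copy of the password
        }
    }
    ```

    If the server offers none of the accepted mechanisms, choose() throws instead of falling back to a mechanism outside the policy.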









  • SASL Authentication

    2020-12-02 22:16:33
    Is it possible to use kafka-webview with a cluster with SASL authentication? In simple console consumer I can do this by just passing jaas conf(with login/password) file as JVM argument like ...
  • SASL Support

    2020-11-25 16:12:55
    sasl.mechanisms': 'PLAIN', 'sasl.username': '<USER>', 'sasl.password': '<PASSWORD>', 'security.protocol': 'sasl_ssl' ...
  • SASL support

    2020-12-02 04:35:43
    Edit: Should probably just rename this to a feature request asking for SASL support in reality. Please feel free to do so if that is the case! :) This question comes from the open-source project: matrix-org/matrix...
  • sasl kerberos

    2020-11-27 15:24:55
    Everything is good and we can connect to Kafka with Python confluent kafka and setting sasl.kerberos property. But when I set these configs for connecting to Kafka with kafka-...
  • sasl.mechanisms: sasl sasl.username: sasl.password: can see this: https://github.com/edenhill/librdkafka/wiki/Using-SASL-with-librdkafka php-rdkafka can use this ?? ...
  • mutt_sasl_done from mut_sasl.h calls sasl_don() which is deprecated. From the current header. * This function is DEPRECATED in favour of sasl_server_...
  • * SASL authentication failed * SASL authentication failed * SASL authentication failed * SASL authentication failed * SASL authentication failed * SASL authentication failed * SASL authentication ...
  • SASL handshake failed

    2020-12-01 14:54:04
    Error: Time:Wed Jun 20 15:14:29 2018 File:C:\Release\iot-sdks-internals\release\python\automation\aziotsdk_pytools\src\c\uamqp\src\saslclientio.c Func:_on_sasl_frame_received_callback Line:901 SASL...
  • sasl/sasl.h' file not found #include <sasl> ^~~~~~~~~~~~~ 1 error generated. *** Error code 1 Stop. make: stopped in /tmp/pear/pear-build-toordHPlAL/mongodb-1.4.0 ERROR: `make' ...
  • While SASL_SECPROPS (or maxssf) could be set globally via system's ldap.conf, it is not enough if you want one instead to work with TLS and the other without TLS but with signing and sealing of GSS...
  • Implement SASL reader

    2020-11-24 19:41:27
    I made RPC writing and reading interface and implemented SASL reader which is supposed to be used when a GSS API server responded with TOKEN auth and the QOP is auth-conf...
  • Sep 27 15:52:06 XTIC postfix/smtpd[30876]: warning: localhost[127.0.0.1]: SASL LOGIN authentication failed: generic failure Sep 27 15:53:42 XTIC postfix/smtpd[30876]: warning: SASL authentication ...
  • It would make the module more useful if it could discover what networks support sasl during capability negotiation or performing cap ls (maybe even 3.2 to see what the mechanisms are) and ...
  • I have sasl configured with sasl_username/password, sasl_mechanism being 'plain', sasl_fail being disconnect, and sasl_fail_unavailable is on. I connect to freenode this way. But when ...
  • SASL Login to ZNC

    2020-11-29 04:09:54
    It would be nice to see users able to log into their ZNC account via SASL. Want to back this issue? ...
  • More SASL mechanisms

    2020-12-01 16:12:32
    I would write a PR for that, but this requires decoupling SASL negotiation from the underlying mechanisms. I am not willing to rearrange the internal logic unless I get a blessing from the core ...
  • After discussing (https://prosody.im/issues/issue/729) the issue with server authors, it has been discovered, that in case of successful response of zero length from SASL provider, "...
  • The IRC network in question generally supports SASL, but there is a netsplit going on and I am attempting to connect the bot to the side without services. When I first saw this, I changed ...
  • SASL authentication

    2020-12-02 03:12:26
    Naturally it creates a dependency on the Cyrus SASL libraries. It is also quite limited at the moment, only using defaults for all settings and the call is synchronous. This question comes from the open-source project...
  • TTransportException: Could not start SASL: Error in sasl_client_start (-4) SASL(-4): no mechanism available: Unable to find a callback: 2 Any idea on why this is happening? This question comes from...
  • ACL issue with sasl

    2020-12-01 16:49:07
    Some of my nodes are configured with sasl access. It seems that the API isn't configured to work with those: zoonavigator-api | [debug] c.e.z.c.c.b....
  • Support SSL without SASL

    2020-12-01 15:50:57
    Yep saw that, but essentially looking at SSL without SASL. So config would look something like (not including everything here) listeners=SSL://:9093 advertised.listeners=SSL:...
  • Implement SASL stuffz

    2020-11-30 13:59:00
    Implements Kerberos authentication over SASL; PLAIN over SASL; Changing principal name (literally called PLACEHOLDER now). No clue how we can test this as it ...
  • SASL PLAIN over TLS

    2020-12-02 01:50:45
    I'm interested in using the no-kafka client with ... Did you have any plans for SASL PLAIN once TLS is in place? This question comes from the open-source project: oleksiyk/kafka
  • No module named sasl

    2020-11-27 16:27:20
    No module named sasl but when I "pip install sasl " I met many questions , such as " command 'x86_64-linux-gnu-gcc' failed with ", " sasl/saslwrapper.cpp:8:22: fatal ...
  • - https://docs.confluent.io/current/kafka/authentication_sasl/authentication_sasl_scram.html#zk which suggests to use SASL/DIGEST-MD5 Can we add orchestration for these? This question comes from the open-source...
