How can I access the Ticket Granting Ticket? - kerberos

I'm currently learning about Kerberos and I was wondering - is there a way for me to access the Ticket Granting Ticket I received from the KDC?

As a rule: no. The TGT is highly sensitive and many platforms try and go out of their way to prevent you from touching the TGT directly. In some libraries you can query it out of the ticket cache.
That said, you haven't specified which platform or library or anything that would allow anyone to give you a more definitive answer.
The secondary answer is: just invoke the AS leg of the protocol and you'll have the TGT.
In most platforms there are tools out there that let you query the TGT to see the metadata of the ticket, such as klist on Windows.
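As an added example (not part of the original answer), this sketch reads the same kind of metadata klist shows from a file-based credential cache and marks which entry is the TGT. It assumes the MIT ccache file format version 4; `list_tickets`, `SAMPLE`, and the `EXAMPLE.TEST` realm are names constructed for the illustration.

```python
import struct

def _data(buf, off):                        # counted octet string
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n], off + 4 + n

def _principal(buf, off):
    _ntype, count = struct.unpack_from(">II", buf, off)
    realm, off = _data(buf, off + 8)
    parts = []
    for _ in range(count):
        part, off = _data(buf, off)
        parts.append(part.decode())
    return "/".join(parts) + "@" + realm.decode(), off

def _skip_list(buf, off):                   # addresses or authdata
    (count,) = struct.unpack_from(">I", buf, off)
    off += 4
    for _ in range(count):
        _, off = _data(buf, off + 2)        # 16-bit type, then data
    return off

def list_tickets(buf):
    """klist-style metadata only; key and ticket bytes are skipped."""
    if buf[:2] != b"\x05\x04":
        raise ValueError("only ccache file format version 4 is handled")
    (hlen,) = struct.unpack_from(">H", buf, 2)
    _default, off = _principal(buf, 4 + hlen)
    out = []
    while off < len(buf):
        client, off = _principal(buf, off)
        server, off = _principal(buf, off)
        _, off = _data(buf, off + 2)        # enctype, then session key
        _auth, start, end, _renew = struct.unpack_from(">4I", buf, off)
        off = _skip_list(buf, _skip_list(buf, off + 21))  # times, is_skey, flags
        _, off = _data(buf, off)            # ticket
        _, off = _data(buf, off)            # second ticket
        out.append({"client": client, "server": server, "start": start,
                    "end": end, "is_tgt": server.startswith("krbtgt/")})
    return out

# Constructed sample (dummy key and ticket bytes): one TGT, one service ticket.
_d = lambda b: struct.pack(">I", len(b)) + b
_p = lambda *c: struct.pack(">II", 1, len(c)) + _d(b"EXAMPLE.TEST") + b"".join(map(_d, c))
_cred = lambda *srv: (_p(b"alice") + _p(*srv) + b"\x00\x12" + _d(b"\0" * 32)
                      + struct.pack(">4IBI2I", 1000, 1000, 37000, 0, 0, 0, 0, 0)
                      + _d(b"dummy-ticket") + _d(b""))
SAMPLE = (b"\x05\x04\x00\x00" + _p(b"alice") + _cred(b"krbtgt", b"EXAMPLE.TEST")
          + _cred(b"HTTP", b"web.example.test"))
```

Calling `list_tickets(SAMPLE)` returns one dictionary per cache entry; the entry whose server principal starts with `krbtgt/` is the TGT.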

Related

TOTP radius server for Citrix XenApp

I'm looking for a standards-based TOTP (time-based one time password) authentication server to implement strong security for my Netscaler appliance.
I was not able to find a radius server with easy to use interface that supports Google Authenticator.
Grateful if you can suggest a solution!
Thanks
Not sure about how easy to use this solution is, but what Citrix suggests is OpenOTP. It supports Google Authenticator (in addition to others). It is free for 25 users, 50 users will cost you at least 1000EUR
Another solution is TOTPRadius, no pricing info is available, but it is the only one supporting self-registration if using Citrix StoreFront.
p.s. Sorry, forgot to add a disclaimer: I am affiliated with Token2
Update regarding OpenOTP: it is free for 40 users. Please ask RCDevs for actual pricing regarding more users.
Starting with 50 users you are entitled to install the OpenOTP/WebADM Backend as an active/active cluster (2 servers).
The OpenOTP Token App supports additional features compared to Google Authenticator.
For fast evaluation, virtual appliances (for Oracle Virtual Box or VMware) are available under here.
Protectimus provides 2FA solution for strong protection against unauthorized account access within Citrix XenApp. It also has a status of Citrix Ready. You can contact sales team for actual pricing.
Disclaimer: I work for Protectimus

Encryption at Rest for Source Code on Team Services

I had someone reach out to me with a couple of queries about source code encryption in Team Services. I don't know and can't find an answer online (Google fell flat?).
The question is: Can a company control their own encryption of source code at rest with Team services? Essentially, this would mean controlling their own keys and having the ability to pull access logs for people accessing the source control.
I believe the answer is still no. Microsoft may encrypt, but I don't believe there is a provision for a company to control their own source control security if it goes on the cloud.
The answer is just what you think: No for now. Microsoft uses various ways (check this link for details: Visual Studio Team Services Data Protection) to protect customer data, but what you are asking for isn't supported for now.
You can submit a feature request on VSTS User Voice for this.

Client certificates for advance security and resource privacy

In my web-based application I'm looking for a way that enables only some of the users to connect, those who have a special client certificate installed in their browser.
I'm very new to this field and have already searched on Google, but all the resources I found are confusing and failed to explain what should be done to set up this kind of structure. I'm just looking for any expert who has ground knowledge on this; any educational links and articles suggested are welcome.
You are probably looking for two-way (or mutual) authentication with TLS.
Here is a step-by-step guide for a manual trial on Linux-derived systems.

Single sign on solution

Hi, I am using CAS for SSO. But the problem is that I want reset password and register new user on the CAS login screen. Does CAS provide these services or do I have to implement them?
Or does any other SSO solution exist which fulfills my requirement?
CAS is just an SSO frontend to your existing identity management solution (database, LDAP etc). It does not include any identity management features itself (create user account, reset password etc). I have recently been using the Cloudseal platform which is a full identity management solution and so far I am pretty impressed. I believe Atlassian's Crowd also includes this although I have not used it. There are probably other products out there as well.
Both of these are commercial products although they are both free for the first 50 users. Crowd is a traditional standalone platform which you download, install and configure but Cloudseal is a hosted service so there is no installation and less config.
You can certainly modify the spring weblog and login page to allow for the functionality that of course you'd have to implement. You should also ask the question on #cas-user mailing list to see if a similar need in the community has been implemented by other users which you may be able to take advantage of. I remember only recently someone raised the same question to the list and there was a bit of interest in getting this feature developed and integrated. You may want to revisit the topic on the mailing list.
Hope this helps.

Best solution for centralised identity management

I am investigating an open source solution for IdM.
So far, my choices are OpenIDM, OpenAM, Josso & CAS.
But most solutions are focusing on SSO, however my requirements are more on user management and provisioning. Can Josso/CAS/OpenIDM provide user provisioning/deprovisioning, group policy, etc.? Is there any open source alternative to Atlassian Crowd, matching in every functionality?
The open source solutions that you mention focus largely on SSO, not identity management. JOSSO has a user provisioning feature but AFAIK it does not include group policies. If you are looking for a full identity management solution you would need to look at the commercial products like Cloudseal, Crowd, Oracle etc.