@gaborgsomogyi
Last active August 26, 2021 13:54

Modify krb5.conf

$ cat /etc/krb5.conf
[libdefaults]
	udp_preference_limit=1
	default_realm = VPC.CLOUDERA.COM
	forwardable = true

[realms]
	VPC.CLOUDERA.COM = {
		kdc_ports = 88
		kadmind_port = 749
		kdc = gsomogyi-sec-1.vpc.cloudera.com
		admin_server = gsomogyi-sec-1.vpc.cloudera.com
	}

Get TGT

$ kinit -l 7d systest

Chrome setup

$ defaults write com.google.Chrome AuthNegotiateDelegateWhitelist "*.VPC.CLOUDERA.COM"
$ defaults write com.google.Chrome AuthServerWhitelist "*.VPC.CLOUDERA.COM"

$ defaults read com.google.Chrome AuthNegotiateDelegateWhitelist
$ defaults read com.google.Chrome AuthServerWhitelist

Safari setup

Works by default.

Firefox setup

Go to about:config and set:

network.negotiate-auth.trusted-uris=vpc.cloudera.com
network.negotiate-auth.delegation-uris=vpc.cloudera.com

Test login

There are two ways to test the login:

  • Start browser and test against the Kerberized web service: https://gsomogyi-sec-1.vpc.cloudera.com:18211/
  • Use curl:

$ curl --negotiate -u : -b ~/cookiejar.txt -c ~/cookiejar.txt -v --insecure https://gsomogyi-sec-1.vpc.cloudera.com:18211/
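
Because the curl test reuses a cookie jar, a repeated run can return 200 from a stored session cookie without exercising Kerberos at all. The following added example (not part of the original gist) classifies `curl -v` output by whether a Negotiate token was actually sent and accepted; the function name, result labels and sample traces are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original gist: classify a SPNEGO test from
# `curl -v` output on stdin. The result labels are this example's own.
# Usage: curl --negotiate -u : -v URL 2>&1 >/dev/null | spnego_result
spnego_result() {
  awk '
    { sub(/\r$/, ""); line = tolower($0) }   # strip CR, match case-insensitively
    line ~ /^< http\//                      { code = $3 }   # keep the last status
    line ~ /^< www-authenticate: negotiate/ { offered = 1 }
    line ~ /^> authorization: negotiate /   { sent = 1 }
    END {
      if (code == "")                   print "no-response"
      else if (code ~ /^[23]/ && sent)  print "ok"
      else if (code ~ /^[23]/)          print "not-exercised" # e.g. cookie reused
      else if (code == "401" && sent)   print "rejected"      # token not accepted
      else if (code == "401" && offered) print "no-token"     # check klist, curl GSS-API support
      else if (code == "401")           print "no-challenge"  # server never offered Negotiate
      else                              print "other-" code
    }'
}

# Constructed sample traces (token and cookie values are placeholders).
SAMPLE_OK='> GET / HTTP/1.1
< HTTP/1.1 401 Authentication required
< WWW-Authenticate: Negotiate
> GET / HTTP/1.1
> Authorization: Negotiate TOKEN_PLACEHOLDER
< HTTP/1.1 200 OK
< Set-Cookie: SESSION=PLACEHOLDER'
SAMPLE_COOKIE='> GET / HTTP/1.1
> Cookie: SESSION=PLACEHOLDER
< HTTP/1.1 200 OK'
SAMPLE_NO_TOKEN='> GET / HTTP/1.1
< HTTP/1.1 401 Authentication required
< WWW-Authenticate: Negotiate'

for s in "$SAMPLE_OK" "$SAMPLE_COOKIE" "$SAMPLE_NO_TOKEN"; do
  printf '%s\n' "$s" | spnego_result
done
```

To force a real Kerberos round trip, run the test with an empty cookie jar so the result cannot be "not-exercised".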