We do have java example that uses the JSch library to perform the sftp operation. When this example executes and communicates with server that has Kerberos- gssapi enabled, then it would ask for username and password through prompt and application stops to get the entries.
Please see below -
Kerberos username [user1]:
Kerberos password for user1:
We need help- how we can avoid this prompt? but make sure we need to support the gssapi (Kerberos) as well.
Can someone help me on this.
Thanks,
Hrushi
I have resolved this issue by following below steps -
create file jaas.conf like below -
user1#hostname:~$ cat /etc/jaas.conf
com.sun.security.jgss.krb5.initiate {
doNotPrompt=true
};
add below entry in jvm env
-Djava.security.auth.login.config=/etc/jaas.conf
Restart/retest the example.
Thanks,
Hrushi
Related
I'm using Spring application and stack is like: Java 11, Spring Boot 2.2.1.RELEASE.
(technology versions may vary here)
When I try to connect to the database via Data Source using Intellij IDEA, I get always the issue like:
The specified database user/password combination is rejected:
[28P01] FATAL: password authentication failded for user 'postgres'
How can I fix it?
To be noticed: this answer is similar, but not related to:
Unable to connect from Intellij to mySql running in docker container - "specified database user/password combination is rejected"
To fix it:
you need to check your application.properties file and change the value of user password on line:
spring.datasource.password=your_password
The cause of issue is:
your value of the property spring.datasource.password in application.properties
does not match the user password what was selected by default during installing your database system.
E.g. more specifically on the step "Enter the password for the database superuser (postgres)":
To clarify: provided example is for PostgreSQL, but it can be another database system.
Edit: this assumes you run Linux
if the other answer provided by invzbl3 doesn't work, check out this solution, it worked for me. Make sure to restart afterwards.
https://docs.fedoraproject.org/en-US/quick-docs/postgresql/#_initial_configuration
If you’re getting ident errors from your app you’ll probably need to perform the accepted solution described at https://serverfault.com/questions/406606/postgres-error-message-fatal-ident-authentication-failed-for-user?newreg=a4fdc3e21349449985cc65b82399c5b4
(if you don't have nano, just use any other text editor)
sudo nano /var/lib/pgsql/data/pg_hba.conf
and edit host all all 127.0.0.1/32 ident to host all all 127.0.0.1/32 md5.
This should allow most applications to connect with username/password.
I set up a script to connect on webdav server.
I run winscp with this parameters:
"C:\Program Files (x86)\WinSCP\winscp.com" /script=script.txt /log=winscp.log /ini=nul
Then, the script is:
open davs://user#company.com:password#querty.sandbox.company.com/in/my.servlet/webdav/Catalogs/company/
synchronize remote -mirror D:\winscptest\files\ /in/my.servlet/webdav/Catalogs/company/
close
exit
When i run the command, authentication fails, with this output:
Connecting to host...
Authenticating...
Access denied.
Authentication failed.
Could not authenticate to server: rejected Basic challenge
Connection failed.
If i configure the connection in winscp (with GUI), all works fine.
Can someone help me to configure the script correctly?
Thanks
#MartinPrikryl thanks for your attention.
I contacted webdav server 's administrator, to check log their side, and he noticed that account was blocked, may be to many tries with wrong password.
Then i understand that username and password must be url enconded to use it in a script.
#MartinPrikryl great work with winscp, i love it.
Bye
I have running mosquitto and I want to do that only one client can connect to topic as publisher (maybe with password or something) others can only conncet as subscriber.
Defining topic and user access rights at conf file is the way that. But in my application topics are created dynamically at run time.
How can I achieve this?
Thanks
See mosquitto-auth-plug
... plugin can perform authentication (check username / password) and
authorization (ACL).
You may need to modify one of the backends suited for you if you want to have a dynamic behavior on topic authorization. See be_jwt_aclcheck functions.
I'm trying to configure LDAP authentication for teamcity but can't get it to work. I already configured some other services on this server to authenticate using LDAP and had no problems (so it's not fault of the DC).
Following describes my config file:
java.naming.provider.url=ldap://192.168.0.123:389/DC=server,DC=example,DC=com
java.naming.security.principal=ldap-user
java.naming.security.credentials=jE&4i.%$lpDr3#?
java.naming.security.authentication=simple
teamcity.users.login.filter=(&(sAMAccountName=$capturedLogin$)(memberOf=CN=Group1,CN=Users,DC=server,DC=example,DC=com))
teamcity.users.username=sAMAccountName
teamcity.auth.loginFilter=[^/\\\\#]+
teamcity.options.users.synchronize=false
teamcity.options.groups.synchronize=false
When I set authentication to 'none' it works (but I can't restrict access to a specific group). I also tried using the full user name (incl. domain; i.e. DOMAIN\ldap-user) and also tried to use full DN instead, but it didn't change anything.
In log i see that the ldap server returns error code 49, which means that the binding failed. Like mentioned before I already configured other services on this server to authenticate with the same ldap server and the same binding user and had no problems.
Does anybody know how to solve this issue?
Thanks in advance!
This is my configuration and It working fine. The synchronization is allowed so information like email and name there are no available but enable the login with NT Id and Credentials
java.naming.provider.url=ldap://amer.xxxx.com:389/DC=amer,DC=xxxx,DC=com
java.naming.security.principal=CN=SRVAMR-xxx,OU=CMAPPS,OU=Service,OU=Accounts,DC=amer,DC=xxxx,DC=com
java.naming.security.credentials=Pf867955
teamcity.users.login.filter=(&(sAMAccountName=$capturedLogin$)(memberOf=CN=AMR-GENOME-L,OU=GMA,OU=Security,OU=Groups,DC=amer,DC=xxxx,DC=com))teamcity.users.username=sAMAccountName
I Hope help you
I'm running a mongodb process with the following line:
/usr/bin/mongod --dbpath /var/db/mongo --journal
According to mongodb's docs:
http://www.mongodb.org/display/DOCS/Http+Interface
I should be able to access the http console with http://myhost:28017
When I attempt to access the page it asks for authentication.
According to the docs if security is configured I would need to authenticate. But after looking at mongodb.org/display/DOCS/Security+and+Authentication it seems clear to me I'm not using any authentication. I don't run the process with the --auth option, nor are there any users when I run a db.system.users.find() command.
What's going on here?
I have been able to reproduce this, and this is not the intended behavior. I have filed https://jira.mongodb.org/browse/SERVER-4601 The fix version is 2.1.1
Thank you for bringing this to our attention!
In the meantime, there are two work-arounds:
1) Enter the credentials for authentication in the browser pop-up window
2) Remove all user credentials from each of your DBs (including admin) using db.system.users.remove()
Either of these should allow you to view the http console.
Greetings Brain,
i am using mongo V 2.4.6 and its on default port 27017, its http console is enabled by default but when you try to access from Network it ask for password and i dont know why as i am new to this and dont know the exact reason. by i have a way to access it.
Create a tunnel to your mongo Server and when you access, it wont ask for password. and if you are using putty.
enter host name
go to ssh on left menu options and click +
Than Click on tunnel
in Source port type 28017
in destination type localhost colon port 28017(sorry dont know how to write http url in localhost here in my post)
not click open and provide ssh username and password
now open browser on PC from where you are doing ssh .Type localhost and port 28017
and Boom its accessible and wont ask for username and password. hope it work for you, let me know if u need any help.