gaborgsomogyi/SPNEGO from MacOS.md

Last active August 26, 2021 13:54

Star () You must be signed in to star a gist
Fork () You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/gaborgsomogyi/8d0f6f9a557051c10e670ed9abda339b.js"></script>
Save gaborgsomogyi/8d0f6f9a557051c10e670ed9abda339b to your computer and use it in GitHub Desktop.

Download ZIP

Raw

SPNEGO from MacOS.md

Modify krb5.conf

$ cat /etc/krb5.conf
[libdefaults]
	udp_preference_limit=1
	default_realm = VPC.CLOUDERA.COM
	forwardable = true

[realms]
	VPC.CLOUDERA.COM = {
		kdc_ports = 88
		kadmind_port = 749
		kdc = gsomogyi-sec-1.vpc.cloudera.com
		admin_server = gsomogyi-sec-1.vpc.cloudera.com
	}

Get TGT

kinit systest -l 7d

Chrome setup

$ defaults write com.google.Chrome AuthNegotiateDelegateWhitelist "*.VPC.CLOUDERA.COM"
$ defaults write com.google.Chrome AuthServerWhitelist "*.VPC.CLOUDERA.COM"

$ defaults read com.google.Chrome AuthNegotiateDelegateWhitelist
$ defaults read com.google.Chrome AuthServerWhitelist

Safari setup

Works by default.

Firefox setup

Go to: about:config

network.negotiate-auth.trusted-uris=vpc.cloudera.com
network.negotiate-auth.delegation-uris=vpc.cloudera.com

Test login

There are 2 possibilities to test it:

Start browser and test against the Kerberized web service: https://gsomogyi-sec-1.vpc.cloudera.com:18211/
Use curl

curl --negotiate -u : -b ~/cookiejar.txt -c ~/cookiejar.txt -v --insecure https://gsomogyi-sec-1.vpc.cloudera.com:18211/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment