SPNEGO-based Kerberos authentication: Should I create a new security context using `gss_init_sec_context` for every request?

I’m implementing SPNEGO-based Kerberos authentication for a Linux client application for authenticating requests to a Windows IIS server.
I’ve read RFC4559, which describes how authentication should be performed:
https://datatracker.ietf.o…

How to prevent CSRF attacks on a REST API when using Windows Authentication

I have an Angular web app that interacts with a REST API. Requests are authenticated with a JWT Bearer token. I now want to add support for Windows Authentication.

My current plan is to add a POST endpoint /token to the REST API, which acc…

Is there any existing attempted implementation of GSS-API/SPNEGO/GSS-SPNEGO for anything other than Kerberos / NTLM?

I’m aware that SPNEGO is de facto only used in the wild for Kerberos or NTLM. Is there any research / academic / educational example of how it can also be used for other mechanisms?
