Questions tagged [authentication]
A process of proving that an entity (commonly a user or organization) is who they claim to be, or who they were previously identified as being. Authentication does not guarantee that particular entity's identity absolutely, it just proves that they are the same agent that has previously successfully asserted their identity. There are three factors (types) of authentication, and a particular authentication process may combine two or more different factors.
2,229
questions
1
vote
1
answer
34
views
How is the authentication token generated for the IBM Tivoli Netcool/OMNIbus ObjectServer REST API?
We have an application that sends a request to an IBM Tivoli Netcool/OMNIbus 8.1 server's ObjectServer REST API. It sends a GET request to http://1.2.3.4/objectserver/restapi/alerts/status?filter=...
- 283
0
votes
0
answers
27
views
Determine which app send requests to Kerberos
We have a guacamole/mstsc in order to get to our windows instances, the problem in additional requests which comes from background application and i cant determine which one is that.
For example.
I ...
- 101
0
votes
0
answers
29
views
I have enabled authentication and still can connect without username and password to MongoDB
I have the following in my /etc/mongod.conf:
# set parameter options
setParameter:
enableLocalhostAuthBypass: false
# security options
security:
authorization: enabled
#keyFile: replace_me
I ...
- 199
1
vote
0
answers
93
views
Entra Id (AAD) certificate based authentication (CBA) client certificate validation failed ("invalid request") error
I'm trying to get CBA to work according to this article:
https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-certificate-based-authentication
I created a self-signed CA for testing ...
- 11
0
votes
1
answer
55
views
su: failed to execute 1 sudo dpkg-reconfigure locales: No such file or directory
I was configuring a linux server and after an apt upgrade this message came up whenever I try to change the user to root.
If I do sudo su -, su -, sudo -i I cannot change user because it says that
su: ...
- 1
0
votes
0
answers
53
views
How to rotate secrets in an untrusted Kubernetes environment
I'm automating the provisioning of Kubernetes environments for developer users. I'd like to regularly rotate the resources of kind 'secret' that are inside these environments. Furthermore, I'd only ...
- 113
2
votes
1
answer
65
views
RHEL 9 use ldap (AD) for authentication only
I want to manage users locally on an RHEL 9 system. I want to create, delete, associate with groups all locally. However I want their password to be validated against LDAP. If they don't exists in ...
- 21
1
vote
1
answer
54
views
AD FS Access Control Policy to permit specific groups and require MFA
We use an on-premise AD FS server (currently on Windows Server 2019), with several "relying party" applications. This is connected to local Active Directory, which in turn syncs to an Azure ...
- 13k
0
votes
0
answers
21
views
User dashboard: how to make sure user cannot access other people's data?
A user can log in to their dashboard. When they log in, the front end pulls data from an S3 bucket corresponding to the user, like (e.g.) bucket/data/user5/data.json. This data is then rendered into a ...
- 111
-2
votes
1
answer
20
views
Computer does not print, accept remote-connections nor open SMB folders until restart
I encountered a Windows 10 which seems to have problems with authentication. The computer does not accept remote connections, does not open smb-folders or print a file (no error shown, when the pc ...
- 1
0
votes
0
answers
62
views
How to set up a persistent access token for service account?
I am trying to connect Google's Vertex AI API to a desktop app written in C++ using their REST APIs. Auth token is part of the process. Being very distant from devops and GCP tech in general I wonder ...
google-cloud-platform
0
votes
0
answers
24
views
Nginx as reverse proxy for Gitblit with client certificate authentication. Peer closed connection in SSL handshake while SSL handshaking to upstream
We used the nginx as reverse proxy for the gitblit with client certificate authentication.
Given the nginx configuration as below.
server {
listen 443 ssl http2 default_server;
server_name _;
...
- 101
0
votes
0
answers
40
views
Is there a way to add SAML-based SSO to an unauthenticated application I am hosting?
I am running an application that doesn't have authentication built-in. I would like to require Google SSO with SAML as a way for users to be allowed to use the application. I am looking for any advice ...
- 101
0
votes
1
answer
98
views
With postfix, how do you setup SASL with dovecot to receive SMTP mail and cyrus to authenticate?
I had a static IP address and setting up my mail relay was as easy as:
mynetworks = ... <static IP address> ...
(and of course authorize all incoming mail from mynetworks).
Now that I do not ...
- 2,250
0
votes
0
answers
37
views
Where does .env (which contains the client secret) go?
I have a React app with a Node.js server.
Here is the directory structure:
.env
app
.env
.gitignore
build/
node_modules/
package copy.json
package-lock.json
package.json
...
- 111
0
votes
1
answer
176
views
AWS Cognito: auth page not showing up, DNS_PROBE_FINISHED_NXDOMAIN from hosted UI URL
Here is the url I am navigating to:
https://auth.[domain].com/oauth2/authorize?client_id=[id here]&response_type=code&scope=email+openid+phone&redirect_uri=https%3A%2F%2F[domain]%2F[...
- 111
0
votes
1
answer
112
views
Pubkey authentication not allowing to enter the server
I'm trying to access my server through SSH using pubkey authentication, but it's not working and I don't understand why. I've been around this same issue for 2 days now.
I'm using Ubuntu 20.04. All I ...
- 101
1
vote
0
answers
129
views
With a locally hosted Traefik proxy, what should my "trustedIPs" be for Authelia
I had a working docker stack with my home media server using a single docker compose file:
version: "3"
secrets:
authelia_jwt_secret:
file: $SECRETS_PATH/authelia/jwt_secret
...
- 254
0
votes
2
answers
357
views
Google Cloud Platform authentication - unable to list projects or set project
I had previously authenticated with Google Cloud Platform and everything was working correctly, however all of a sudden, today I started receiving errors mentioning google-gax in a Node app:
2023-09-...
0
votes
0
answers
35
views
Gitlab Access Tokens, protected by authenticating Apache Reverse Proxy?
We hide a Gitlab instance (among several other applications) behind a single Apache Reverse Proxy, that is doing user authentication (OpenID) before granting further access to the lower services.
This ...
0
votes
0
answers
76
views
Apache 2.4 unixgroup authentication not working
Require unix-group is not working for me when configuring the VirtualHost for my Apache server. Whenever I log in using pwauth, the server still authenticates users who are not members of the group ...
- 1
0
votes
0
answers
59
views
Redis - Unable to Authenticate
I have been trying to set up an Authelia instance for the last week or so and keep running into an issue where it won't authenticate to the Redis instance (both in Docker). I suspected it was because ...
- 101
0
votes
1
answer
737
views
Is password needed when connecting via Cloud SQL Auth Proxy?
It seems like it's needed, because it asks me for the password. But if so, then what's the point in having 2 credentials (a credentials file + password)?
If not, then what am I missing?
The docs is ...
- 2,195
0
votes
0
answers
34
views
Authenticating to Hashicorp Consul from a VM
I am trying to understand how can I authenticate to Consul from a VM. I have Azure AD as IDP, but it's not clear from the documentation whether it can be used to retrieve JWT token to use it later to ...
- 31
1
vote
0
answers
304
views
AuthorizedKeysCommand setup prompts for password
The issue: Even though I've set up AuthorizedKeysCommand and password authentication is stopped when I attempt to log in from my Mac, I am still being asked to enter the password:
OS: Rocky Linux 9.2
...
- 31
0
votes
0
answers
59
views
Using shadow password from LDAP while using SSSD for identity
I'd like to use SSSD ldap as a provider for shadow entries. It seems to be supported, given the default config with sssd installed adds sss to both passwd and shadow in nsswitch.conf, but I can't get ...
- 1,296
2
votes
1
answer
196
views
Configure postfix to enforce client certificate authentication for one domain
I have a postfix server which processes mails for several domains. The server is using TLS encryption if the client requests ist, but does currently not enforce it for compatibility reasons.
Now there'...
- 175
0
votes
0
answers
104
views
how to set up eat /etc/pam.d/radiusd file to authenticate a user with his username, password and Google Authenticator token. Using Freeradius for 2FA
i have a problem about configuring the “/etc/pam.d/radiusd” file.
I am working on a Linux Debian System.
rn this is my configuration:
auth requisite pam_google_authenticator.so forward_pass
auth ...
1
vote
0
answers
423
views
curl only attempting public key auth for SFTP, not printing SSH authentication methods available
I am trying to use curl to connect to an SFTP server. The server only accepts password authentication. When I try to connect, curl only attempts public-key auth.
$ curl --verbose --insecure 'sftp://...
- 499
0
votes
0
answers
199
views
pam: reducing auth method timeout
I have set up user fingerprint auth on Fedora 37 laptops.
With fingerprint auth as default auth choice, pam is waiting by default for 10 seconds for a valid fingerprint. Now, I would like to reduce ...
- 243
1
vote
2
answers
227
views
How do I query user attributes from a Samba AD DC in Linux with Kerberos auth?
An answer exists for querying AD with password auth, which is working fine locally. What about Kerberos auth? Running ldapsearch with GSSAPI auth yields the following error:
$ ldapsearch -ZZ -Y GSSAPI ...
- 163
0
votes
0
answers
52
views
Using Google Authentication on iPhones on Aruba wireless
We have set up Google Authentication for our Aruba WiFi network. We are using Central (v 8 and 10 - both have the issue) and AP-515s and AP-535s. The solution works as expected on every platform ...
0
votes
1
answer
3k
views
Authentication failed while git clone
I created a VM and installed docker and git and then tried to clone a github project.
git clone "project_url"
Gave correct username and pwd but after that I am getting below error
remote: ...
0
votes
0
answers
128
views
Why is my Default Apache Guacamole Web Client Admin Login Creds Invalid?
I'm currently setting up an Ubuntu server to run an Apache Guacamole RDP Gateway, and for some reason, when I try to login to the web client, it's giving me an invalid login error when I use the ...
- 1
-1
votes
1
answer
79
views
How can i certify cabling with a cat5 certifyer if the cabling is mixed cat5 and cat6 thanks
Hello I'm getting ready to certify some cabling and realized it is mix matched cat5 and 6 but my certifier is only for cat5. So I wonder if I needed a speacial certifier to do that thanks.
- 21
0
votes
0
answers
67
views
SSPI, Treat wrong credentials as anonymous user
I'm running apache 2.4 with xampp, and so far my sspi works well with mod_authnz_sspi.
I would like to accept all users, but get their name in $_SERVER['REMOTE_USER'] if they are in my active ...
- 101
0
votes
0
answers
76
views
Authentication and user manager for Ubuntu
I'm a little bit confused about user management / authentication systems.
I would like to achieve the following:
Have a central database of users / organization units (like Active Directory) - ...
- 125
0
votes
1
answer
1k
views
How does userPassword attribute work in LDAP?
I'm just learning about LDAP, and there's something I don't quite understand.
When we create users in a directory, we define their password using the userPassword. When we use for example the {SSHA} ...
- 143
0
votes
0
answers
16
views
github auhentication method to access only all my organization's repos
I've been reading the official documentation and various articles but it's unclear to me. My organization has multiple users and multiple repos. It would not be right to merely authenticate as a ...
github
- 186
0
votes
1
answer
46
views
How to prevent postfix from sending e-mails without authentication
my first post here.
I had a postfix that I'm using as a relay.
I configured to use authentication with the following main.cf: https://pastebin.com/TQfmAQp2
The problem is: when I try to send an e-mail ...
3
votes
0
answers
9k
views
What is the meaning of this line from ssh output: 'Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling'?
Everything works, ssh connects using private-public ssh key pair.
Just few things in ssh -v Ora2 output isn't clear for me.
This is complete ssh -v Ora2 output:
PS C:\Users\roeslermichal> ssh -v ...
- 145
1
vote
0
answers
191
views
How to setup pam on debian 11
I have installed debian 11 and pam-ldapd.
Now, I want to setup authenticating for openvpn with pam. When I wanted to test it with 'getent passwd' command, I got only local users response.
Can you help ...
- 25
0
votes
1
answer
345
views
Disabling password authentication
Suppose I want to allow SSH authentication only, and disable password authentication.
In /etc/ssh/sshd_config I've typically done this:
PasswordAuthentication no
But in some answers people recommend ...
- 918
0
votes
0
answers
244
views
Ubuntu20.04 : How to give non root user access to systemctl
The ubuntu version is 20.04
I am running a http service on port 6000.
I have created the service and as a user root i can run the service successfully
I have created a account svc_auto_bm and wanted ...
3
votes
1
answer
1k
views
Let's Encrypt certificate on SQL Server 2019 - "The target principal name is incorrect"
Summary
I'm having trouble getting a certificate issued by Let's Encrypt R3 to work on SQL Server 2019. When using the certificate for SSL but not trusting the server certificate explicitly (In SSMS, ...
- 31
0
votes
1
answer
256
views
Detected LanMan/NTLMv1 Authentication method on Windows Server 2016
After running a security scan, I have this vulnerability showing up: Detected LanMan/NTLMv1 Authentication method.
I can only find information about Windows Server 2008, or Windows XP online regarding ...
- 1
0
votes
0
answers
472
views
azure app registration redirect uri not working for a spa application but only for one server
m a little stumped on this and just wondering if anyone had any ideas.
I have registered in azure an application with 3 spa redirects It is a .net core react application
http://localhost:3000/eem/ (...
- 101
0
votes
0
answers
29
views
Exchanging AD user groups with an external -not trusted- server for authentication and authorization
I'm not really sure how to short and precisely describe my problem. Thus, I was unable to find a solution or at least a hint via google.
We have a Microsoft AD domain and are currently planning to use ...
- 1
0
votes
0
answers
324
views
Can't config certificate-based authentication in WinRM / WSMan
I'm trying to configure certificate-based authentication in WinRM. I need this to source-initiated subscription of WEF from non-domain machine.
I use manual published by MS: https://learn.microsoft....
- 1
0
votes
0
answers
37
views
IIS with alternate name in SAN Cert prompts for Credentials
I have a server (server01) running IIS with a Web certificate installed. The certificate has the following SANs -
server01.companyname.com
server02.companyname.com
The binding on Default Web Site ...
- 101