Questions tagged [authorization]
The authorization tag has no usage guidance.
162
questions
0
votes
0
answers
8
views
Apache Ranger vs Keycloak for authorization
Iam new to both Apache Ranger and Keycloak. When I was doing my research I understood that, Apache ranger and Keycloak both has the authoirzation capabilites, added keycloak has authentication ...
- 101
1
vote
1
answer
34
views
How is the authentication token generated for the IBM Tivoli Netcool/OMNIbus ObjectServer REST API?
We have an application that sends a request to an IBM Tivoli Netcool/OMNIbus 8.1 server's ObjectServer REST API. It sends a GET request to http://1.2.3.4/objectserver/restapi/alerts/status?filter=...
- 283
0
votes
1
answer
37
views
Can you limit a role to objects that meet a selector?
How can we limit a service account to only be able to create, list, delete etc. objects that have a specific label within a given namespace?
We have engineered an hierarchy of services (which map to ...
- 165
-1
votes
2
answers
63
views
Server authorization based on token with expiration
I'm trying to be able to create video streaming over HTTP which would specific authorization method described below, but I'm not sure how to approach this.
Currently I'm using the Motion package which ...
- 49
0
votes
0
answers
29
views
Exchanging AD user groups with an external -not trusted- server for authentication and authorization
I'm not really sure how to short and precisely describe my problem. Thus, I was unable to find a solution or at least a hint via google.
We have a Microsoft AD domain and are currently planning to use ...
- 1
0
votes
0
answers
45
views
Radius authorized WiFi clients cannot access network
I am using Fortigate + FortiAP and a Radius (WS 2019 NPS) for authorization.
I can access the WiFi, I receive IP from dhcp (which is in the network), however I cannot go anywhere else.
I cannot even ...
- 17
1
vote
2
answers
311
views
Folders untouchable: owner unknown and cannot be changed
I have a parent folder, let's call it 'P', and in P resides 5 child folders. I am administrator of this non-domain joined server, but I cannot delete these child folder or in any other way alter them.
...
0
votes
1
answer
496
views
DKIM E-Mail verification - prevent receivers from accepting unsigned emails?
I have set up SPF, DKIM and DMARC in my domain (to the best that I can figure out), but I still can send spoofed emails - without a DKIM signature - and they are accepted (at least when I test with ...
- 2,760
0
votes
1
answer
114
views
Automatic EC2 Role Assignment
Trying to understand AWS IAM resources/concepts a little better. I know there is a way to configure an EC2 (either possibly via its underlying AMI or a launch template) so that when it launches for ...
- 143
0
votes
1
answer
315
views
Can I map multiple AD groups to multiple roles on ESXi?
I have an AD joined ESXi server (v7.0) without a vCenter server. I can map an AD group to the "Administrator" role by configuring the advanced setting Config.HostAgent.Plugins.Hostsvc....
- 636
0
votes
1
answer
810
views
Reverse proxy to direct different users to corresponding locations
I have a server. One of its functions is SyncThing. This app has no per-user authorization, only admin. So I decided to run different Syncthing instances for each user.
For authorization process I ...
- 115
0
votes
1
answer
130
views
How to get Gravitee to do recursive group lookups
I have set up Gravitee APIM 3x (gateway, rest-api, console and portal).
This work fine. When trying to replace the memory authentication with LDAP (FreeIPA) authentication, I am able to get the ...
- 111
0
votes
0
answers
374
views
Login to SSL VPN via SSO and then use SSO inside VPN for other Service Providers possible?
I have a setup where you authorize via SAML SSO (keycloak as idp) to access a SSL VPN (fortigate as sp). Now inside the VPN there are authorization reverse proxy servers.
Is it possible to have the ...
- 1
0
votes
1
answer
51
views
What role does session on the Authorization server play?
I was reading about Sessions in this article
https://auth0.com/docs/users/sessions
It says when a user logs in, two types of sessions are create
Two sessions are created:
The local session (storezero....
- 123
1
vote
1
answer
1k
views
Varnish with Basic auth returns 401
I've tried to configure Varnish on server which has Basic Auth authentication by using these solutions:
https://stackoverflow.com/a/40424168/7202171
https://blog.tenya.me/blog/2011/12/14/varnish-http-...
1
vote
1
answer
141
views
Allow only selected address to connect to openssh
I need to restrict connections to an openssh server to only three or four IP addresses. I know I can, on the CentOS 7 and Oracle Linux boxes, use firewalld or TCP wrappers. However, some of the ...
- 51
1
vote
1
answer
686
views
NGINX auth_basic exclude GET request to specific php script
I can't seem to figure out how to exclude a specific location from auth_basic.
server {
server_name example.com;
root /var/www/html;
index index.php;
auth_basic &...
- 113
1
vote
2
answers
335
views
Hardware token/UUID for authentication of software
Is there a unique hardware token or a UUID on every computer motherboard/BIOS that can be used to create a "strongly coupled" software?
I am working on writing a proprietary software for a ...
- 113
1
vote
0
answers
75
views
Enforce kerberos authentication for each IIS site without individual site developers being able to disable it
We have a IIS server with multiple sites that are managed by different teams. We want to standardize on and enforce Kerberos autentication for all sites with each site having an individual AD group ...
- 135
1
vote
0
answers
152
views
How to configure the apache authorization chain for Kerberos (mod_auth_kerb) and SSL?
What directives and conditions to configure the Apache configuration as follows:
We try to authorize through Kerberos.
If successful (What condition to use?), Then we redirect to URL1.
Otherwise, we ...
1
vote
0
answers
26
views
Can you implement token based authentication/authorization without a 3rd party?
fyi I'm a total newbie to server stuff (I'm an app developer, trying to implement a simple but secure api back end)
It sounds simple enough, user sends his username/password, if it authenticates, you ...
- 11
3
votes
2
answers
6k
views
How to whitelist Authorization header in CloudFront custom Origin Request Policy?
I have created the following CloudFront Origin Request Policy:
I need Authorization header (without Authorization header the AntiForgeryToken header is not forwarded) but I do not understand why ...
- 528
1
vote
2
answers
21k
views
Unable to start services in Centos 7 with error "Authorization not available" even as root user
I am not able to start services for the following Centos 7 server
[root@myserver home]# uname -r
3.10.0-1160.11.1.el7.x86_64
[root@myserver home]# cat /etc/centos-release
CentOS Linux release 7.9.2009 ...
- 111
0
votes
1
answer
59
views
What is the solution for authorizing linux users? [duplicate]
Entire company uses Linux distributions for users and and servers solutions.
Company employees, when authenticate themselves to pc and are connected do company internal network, should get ...
- 1
0
votes
1
answer
343
views
Proxy server capable of injecting authentication parameters/headers into the request
The idea is to have a proxy server(like SOCKS4/5, but for HTTP protocol), the purpose of this proxy server is to authenticate requests on behalf of the users, by manipulating the requests.
For example ...
0
votes
0
answers
287
views
Apache X-Authorization request header
I'm using Basic file type authorization in my Apache httpd configuration.
And my http request contains X-Authorization request header instead of Authorization.
I'm getting unauthorized error. How can ...
1
vote
0
answers
41
views
Login Active-Directory account require different username values in loginwindow and switch user
I've just bind my machine (running Mojave) to new AD server and would like to login to an existing AD account from loginwindow startup screen, but all I get is a tilted password record (indicator that ...
- 111
0
votes
1
answer
373
views
Authorize an user to use a permission-required software downloaded in program file(x86)
There are several permission-required software downloaded in program file(x86) in my company. Every time users need to use them, I have to go to their computers and type the password of administrator ...
- 1
0
votes
2
answers
3k
views
Apache authentication fails with require ldap-group
I have been trying to tie apache on a windows server to our active directory server for authentication and authorization.
In order to test it, I have been trying the "ldap-status" handler, with the ...
- 233
1
vote
2
answers
16k
views
How can one allow or deny an ssh login for a specific user(s) or group(s) on an sshd server?
How can one allow or deny an ssh login for a specific user(s) or group(s) on an sshd server?
(I realize SE has similar questions, but not I could find any that address this specific point. All others ...
- 227
0
votes
1
answer
4k
views
Error 404 when trying to access Kubernetes dashboard from remote laptop using SSH proxy
I have a remote cluster on a remote private Cloud to which I have only SSH access (no GUI). I started the proxy server with:
kubectl proxy --address=0.0.0.0 --accept-hosts=.*
And started a local SSH ...
- 103
2
votes
2
answers
2k
views
PAM dynamic LDAP Authorization with groups
At the moment my PAM is integrated through LDAP with a custom authentication stack in the /etc/pam.d/systhem-auth:
auth required pam_env.so
auth required pam_faildelay.so ...
- 71
2
votes
3
answers
9k
views
How to keep Authentication header with redirect using NGINX ingress annotations
I have an nginx ingress controller for my kubernetes cluster. I have a need to add a permanent redirect to an ingress which I can successfully do with
nginx.ingress.kubernetes.io/permanent-redirect: "...
- 131
1
vote
1
answer
177
views
IP-based Authentication
Is there a way to authenticate an user account (active directory) via ldap only when it is requesting from a specific ip range? In any other cases, the user account should not work.
Short: Is it ...
- 11
2
votes
2
answers
10k
views
Authorization based on custom Header (Apache)
I have a service running behind a Apache Reverse-Proxy that uses the custom headers "username" and "role" to identify users and their role.
I want Apache HTTPD to restrict access to to people whose ...
- 33
-1
votes
1
answer
3k
views
dovecot with LDAP can't find userPassword
I'm new to LDAP and I'm trying to use it with Dovecot for authentication. When I test out my setup with Telnet and IMAP, it reports 'userPassword not found'. However a simple search using the same ...
- 21
2
votes
1
answer
208
views
Understanding AWS Cloudfront's origin access identifiers
I do not really understand the security behind AWS Cloudfront's OAI. The only thing it does is switch the bucket's domain.
Instead of accessing the bucket with https://s3.amazonaws.com/[Bucket]/* it ...
- 179
1
vote
0
answers
532
views
Cannot use integrated security with netcore app on iis installed as a web site
I have a little test project in netcore (2.1.401) that returns the logged in user via CNTLM. I deployed it to an IIS server following [this guide]. I also added the website to the hosts file.
If I ...
- 1,181
1
vote
0
answers
178
views
Reauthorize Google Container Registry GCR to read from Github
When trying to create a new Build Trigger I get the following response, after selecting Github as a source:
Google Cloud Platform was not authorized to list repositories. Its access was most likely ...
google-cloud-platform
1
vote
0
answers
406
views
How to handle multi-domain user in ldap
I have an LDAP I have to create from scratch.
This will handle multiple domains, in which will be multiple apps. With multiple authorization based on each apps.
I don't want to duplicate users, and ...
- 173
0
votes
1
answer
70
views
Can any user inside a organization remove a project?
Recently, I have created a project to apply full permissions on a such google account from my organization. I realized that any account could enter and destroy any project.
I don't know if this is an ...
0
votes
1
answer
679
views
How to restrict/secure access to developer's server hosted on Internet
I am setting up two Ubuntu virtual private servers for my startup company.
The "public" server (let's call it www.example.com) shall contain the publicly open company web site and restricted but (...
0
votes
3
answers
715
views
Apache Allow Only Authorized Users to Access File
I have an existing web site that needs to link to a pdf file on our web-server. The problem is, ONLY users who have been authenticated by logging into the site should be able to view the file. I have ...
- 161
0
votes
0
answers
119
views
hHow to authorize Apache's users similar to Microsoft IIS?
I want to enable directory browsing in Apache and ask users to authenticate using openLDAP backend, and I want to set different groups for the folders inside Apache's web server.
My goal is not to ...
- 207
1
vote
0
answers
41
views
After a domain acct password change, what is the (max) length of time a windows service continue to run if not updated
I know the question is awkwardly phrased, and I also realize there are going to be multiple factors in this that don't lead to a single definitive answer.
I seem recall in the past, having services ...
- 131
3
votes
1
answer
10k
views
AuthorizedKeysCommand not getting executed
I'm trying to authorize SSH sessions using the AuthorizedKeysCommand in sshd_config. For some reason, the AuthorizedKeysCommand is not getting executed even though the SSH flow at least initiates the ...
- 69
2
votes
1
answer
2k
views
How to tell Apache to reply with 403 instead of 401?
We have some rules for a subtree of Locations, which involve Require-ing ldap-group and expr-s.
The user is duly challenged to supply login-credentials, which are verified.
However, even when the ...
- 2,347
1
vote
0
answers
3k
views
Difference between DOMAIN\username and User Logon Name causing problems with .NET Authorization Rule
I am currently having trouble with some IIS .NET Authorization Rules which are restricting access to an site based on the AD Group Membership.
The groups are configured as Global Groups, with names ...
- 111
0
votes
1
answer
206
views
Authorization required to install jzos batch launcher
We are trying to install the JZOS Batch Launcher. The function consists of three pieces: a load module that must be put into a z/OS PDSE, a sample start proc that can be tailored and put into an ...
0
votes
0
answers
360
views
Authorize users on a reverse proxy and redirect them to two different addresses if they have/do not have permission?
I need to create a "maintenance mode" reverse proxy that can be easily toggled between "open" (allow all connections) to "maintenance" (only allow connections from AD users in a specific security ...
