w3hello.com logo
Home PHP C# C++ Android Java Javascript Python IOS SQL HTML videos Categories
Cloudera Hadoop access with Kerberos gives TokenCache error : Can't get Master Kerberos principal for use as renewer
It seems that you have not config the kerberos for yarn. Add the follow configure in your yarn-site.cml <property> <name>yarn.nodemanager.principal</name> <value>yarn_priciple/fqdn@_HOST</value> </property> <property> <name>yarn.resourcemanager.principal</name> <value>yarn_priciple/fqdn@_HOST</value> </property>

Categories : Hadoop

Authentication between two Kerberos
This is serverfault.com Cyrus and the implemented SASL version do not care what the KDC is as long as it is a KDC. So you rather put them in your krb5.conf or better yet, use DNS lookups.

Categories : Authentication

Datastax with Kerberos - TTransportNegotiationException
The second error indicates that the cassandra-cli connection is not secured: Requested auth: No authentication with service principal: FRAMED_TRANSPORT_FAKE_PRINCIPAL Allowed auth: Kerberos Are you running cassandra-cli from one of the nodes in the secure DSE cluster or from a remote machine outside the cluster?

Categories : Database

Differences in APIs to access Kerberos
First of all, today's Kerberos is version 5, so point 1 and 3 are the same. Kerberos is a low level authetication mech whereas GSS-API is a high level API supporting multiple mechs through their OIDs. In this case, you use Kerberos indirectly through GSS-API and OID 1.2.840.113554.1.2.2. You never use Kerberos directly. What type of API do you want to design? Changing AD passwords should best happen directly through a user...unless you have a compelling reason not to.

Categories : Javascript

how do i renew a kerberos service ticket using GSS API
Does the service ticket contain a RENEWABLE flag? You cannot renew any tickets with the GSS-API. This must be done with the mechanism below by other means. GSS-API is too high-level, it actually does not know anything about the underlying mech -- in this case Kerberos -- technique. This shouldn't bother you actually, as long a service ticket is cached in the CC, the API will/should reuse it with new context. Since SMB is session-based, you must have a new GSS context for that. If you stil want to tamper with the mechanics below, study this site. Though I would not recommed this.

Categories : C

spring security using kerberos/spnego authentication
Tell Spring Security to cache the authentication in the HTTP Session. Here is how.

Categories : Spring

Kerberos delegation doesn't work in chrome
Does the value you entered have the quotes in it? Try entering * with no quotes. Shut down Chrome entirely (check task manager to make sure) and then try again. If you use "*" with the quotes it will not work.

Categories : Security

WCF Interoperability Kerberos SPNego Enabled Web Service
The best is if you can get a sample working request/response pair (or multiple messages in case of spnego) generated by one stack (e.g. client and server are java). Then it will be a game of tuning WCF to one of these messages. Currently there is too much unknown. Also AFAIK SPNEGO is a WCF only supported protocol (=windows credential negotiation at SOAP message level) so may be the server uses something else. The specific error you got may imply that the server uses SOAP11 while you send SOAP12 (e.g. you may need basic http binding). But any config change must be done in the context of knowing more about which SOAP the server allows.

Categories : Wcf

Kerberos authentication not running when client and server on same machine
IE and all browsers using SSPI send by default a NTLM token in this case. See Are the client and server on the same box?. The issue is described in MS's knowledge base with possible solutions.

Categories : Java

Kerberos SSO : high level flow and ldap access
If anyone's interested, I found the problem. It seems that apacheds, when using SaslGssApiRequest, it builds the service's principal name out of the hostname placed in config.setLdapHost("example.com"); Although in my setup, ldap.example.com and example.com point to the same machine, my LDAP service principal name was LDAP/ldap.example.com, but apacheds would attempt to find LDAP/example.com . Changing config.setLdapHost("example.com"); to config.setLdapHost("ldap.example.com"); solved my problem.

Categories : Java

Chrome: How to get ajax request to work with kerberos if not already authenticated
I figured out the issue. The REST API had an additional authentication layer that used the "Authorization" http header to set an api-key. After removing this security layer, everything worked fine. I'm going to leave this question up in case anybody else makes the same mistake.

Categories : Ajax

Authetication from a Kerberos authenticated machine to an NTLM server
You can't. Kerberos has nothing to do with NTLM. Absolutely nothing. NTLM is Windows only. All you can do is to login with your Windows user/pass and perform NTLM auch. Though I would strongly recommend making your SharePoint Kerberos-capable which is less than an hour work.

Categories : C#

Set up Kerberos Authentication with Delegation on IIS 7 w/ Windows Server 2008
Try this: Move Negotiate to the top of the Providers' list. And, in the applicationHost.config file usually under C:WindowsSystem32inetsrvconfig, add useKernelMode="true" useAppPoolCredentials="true" to the <windowsAuthentication> tag under the <location> tag for your application, like below: <location path="YOUR_APPLICATION_PATH"> <system.webServer> <security> <authentication> <anonymousAuthentication enabled="false" /> <windowsAuthentication enabled="true" useKernelMode="true" useAppPoolCredentials="true"> <providers> <clear /> <add value="Negotiate" /> <add value="NTLM" /

Categories : Authentication

How to connect to mongodb using Kerberos from a Java application server
The 10gen/MongoDB provided Java Driver only support Kerberos authentication via kinit. To have the Tomcat instances authenticate with different principals you will not only need to run different instances but those instances will have to be running under different system accounts. This is due to kinit savint the credentials/tickets in a file in the system's temporary directory. This is why you can kinit in one terminal and then login to servers from a different terminal. The credentials are global for the account and realistically you can only have 1 principal being used for the account at one time. This is one of many reasons we find kinit to be unsatisfactory to running services. I work on the Asynchronous Java Driver and it supports 3 mechanisms for providing credentials for Kerbero

Categories : Mongodb

Simple User/Password authentication for HiveServer2 (without Kerberos/LDAP)
In essence, you have to provide a java application that can perform your authentication. Maybe you're authing to a mysql or postgres database, or a flat file, etc. You need to provide a jar that can implement the org.apache.hive.service.auth.PasswdAuthenticationProvider interface. A simple example: package org.apache.hive.service.auth.PasswdAuthenticationProvider.SampleAuth; import java.util.Hashtable; import javax.security.sasl.AuthenticationException; import org.apache.hive.service.auth.PasswdAuthenticationProvider; /* javac -cp $HIVE_HOME/lib/hive-service-0.12.0-cdh5.0.0-beta-2.jar SampleAuthenticator.java -d . jar cf sampleauth.jar hive cp sampleauth.jar $HIVE_HOME/lib/. */ public class SampleAuthenticator implements PasswdAuthenticationProvider { Hashtable<String, Str

Categories : Java

java http client for file upload to sharepoint using kerberos authentication
Finally after 10 days of research and search through many blogs, I got solution for my problem. I hope this helps someone needy: UPLOAD MULTIPLE FILES TO SHAREPOINT (KERBEROS AUTHENTICated): System.setProperty("java.security.krb5.conf", workareaFolder+"/"+props.getProperty("kerberos.conf.file")); System.setProperty( "java.security.auth.login.config", workareaFolder+"/"+props.getProperty("jass.conf.file")); System.setProperty( "javax.security.auth.useSubjectCredsOnly", "false"); krb5MechOid = new Oid("1.2.840.113554.1.2.2"); spnegoMechOid = new Oid("1.3.6.1.5.5.2"); shost= targetSPN.toLowerCase(); if (shost.startsWith("http/") || shost.startsWith("cifs/") ) { shost = shost.substring(5); } else { log.debug

Categories : Java

GetBlob() method not recognized even after importing oracle.sql.blob
the method signature should be Blob getBlob(String columnLabel) throws SQLException so, try writing the last three letters in lower case: blob = ((OracleResultSet) rs).getBlob("Document");

Categories : Eclipse

Alternative Method to Polling/Trigger a Table in Oracle?
It depends. Polling or triggers are often all you need depending on the volume of data involved, and the frequency of inserts/updates/deletes. For example, the polling method might be as simple as adding a column which is set to 1 by default, and updated to NULL when the row is "consumed" by the replication code. A trigger on the table would set it back to 1 if a row is updated. An index on this column would be lightweight (the index would only include entries for rows where the column is 1) and therefore fast to query. You'd need another table to handle deletes, though. The trigger method would merely write insert/update/delete rows into a log table of some sort, which would then get purged periodically by a job. For heavier volumes solutions include Oracle GoldenGate and Oracle Strea

Categories : Database

Javascript in Oracle Apex, "Cannot call method substr of undefined"
Well, it looks like link.attr('id') is undefined. So I would take a look to see if that link still has an ID attribute after your initial click. Chances are, the link was recreated and it wasn't created with an id the second time. First though, after your link, open up your DOM and see if the link still has the attribute.

Categories : Javascript

Making SASL(with GSSAPI) enabled client and server with LDAP+kerberos as authenticator? (Single Sign on SSO sytstem)
I could compile gsspapi program using libs and dll provided by MIT. the files I needed were gsskrb5.dll,gssapi32.lib,comerr32.lib These will depend upon the version of kerberos for which they were compiled but I was successful in compiling the example given by mit http://web.mit.edu/macdev/KfM/KerberosFramework/Kerberos5/Tools/GSSExample/ using MinGW gcc compiler after few tweaks. However I could not communicate successfully using SSPI api by microsoft (that may be due to my lack of knowledge)

Categories : C++

Java-6 to Java-7 Kerberos - breaking behaviour change sessionKey now AP-REQ.Authenticator.subkey
I don't see anything in the ExtendedGSSContext.inquireSecContext() doc to indicate that it returns the subkey if present for KRB5_GET_SESSION_KEY; do you know from some other source that it does? In any case, using the subkey is what you need to do. I would look at it this way: your original implementation was not correct, because the WSS Kerberos doc clearly states that the subkey is to be used if present. It just happened to work because the Java 6 Kerberos library did not generate a subkey. Now that one has appeared your bug is revealed, and you have to fix it. I'm not familiar with WSS, but the doc seems to indicate that you can choose various encodings for the token, and one is to use GSSAPI instead of a Kerberos AP-REQ directly. Perhaps if you had used GSSAPI to begin with, it woul

Categories : Java

Oracle: Fastest way to UPSERT and return the last affected Row ID in oracle for large data sets
If you're trying to return the maximum value of a sequence-generated PK on the table then I'd just run a "Select max(id) .." directly afterwards. If other sessions are also modifying the table then maybe reading the currval of the sequence would be better.

Categories : C#

Oracle 01830 error while converting string to date in oracle procedure
If you are passing in a string of the following format 01/08/2013 12:00:00 AM then in order to successfully convert that string into a date datatype you should use the following format mask 'dd/mm/yyyy hh:mi:ss AM' which includes meridian indicator: to_date(vDateFrom, 'dd/mm/yyyy hh:mi:ss AM') but how do i make it variable?it could be PM too Meridian indicators are interchangeable. For both strings 01/08/2013 2:00:00 AM and 01/08/2013 2:00:00 PM for instance, you can use date format model with one of the meridian indicators, whether it AM or PM. Here is an example: select to_date('01/08/2013 2:00:00 AM', 'dd/mm/yyyy hh:mi:ss AM') as res from dual Result: Res ----------- 01.08.2013 2:00:00 select to_date('01/08/2013 2:00:00 PM', 'dd/mm/yyyy hh:mi:ss AM') as res from du

Categories : Oracle

Oracle PL/SQL - How do i copy a large amount of data from one table to another using oracle collections
/* package header */ CREATE OR REPLACE PACKAGE perfrormance_test AS PROCEDURE nested_table; PROCEDURE associative_array; END perfrormance_test; /* package body */ CREATE OR REPLACE PACKAGE BODY perfrormance_test AS PROCEDURE nested_table AS /* select all records from source table */ CURSOR big_table_cur IS SELECT col1 , col2 , col3 FROM big_table; /* create nested table type and variable that will hold BIG_TABLE's records */ TYPE big_table_ntt IS TABLE OF big_table_cur%ROWTYPE; l_big_table big_table_ntt; BEGIN /* open pointer to SELECT statement */ OPEN big_table_cur; /* collect data in the collection */ FETCH big_table_cur BULK

Categories : SQL

Getting an error when try to connect to Oracle java.lang.ClassNotFoundException: oracle.jdbc.driver.OracleDriver
Add your Oracle JDBC Driver jar to the classpath Can download the driver for your Oracle Database Version from here

Categories : Oracle

OALL8 is in an inconsistent state in Oracle Oracle Database 11g Enterprise Edition Release 11.2.0.2.0 - 64bit Production
This post (Oracle: OALL8 is in an inconsistent state) suggest that it's an OJDBC bug that was related to the CURSOR_SHARING mode SIMILAR. So: Check with Oracle if a fix exists. Check whether there are any differences in the settings between development and production and fix them. Set Cursor Sharing to EXACT if it's set to a different mode.

Categories : Database

What is location of built in SQL functions and Oracle Packages in Oracle Database
The scripts to create the build-in functions, packages and procedures are stored on the database server machine. You have to find the value of the environment variable $ORACLE_HOME, and then go to $ORACLE_HOME/rdbms/admin/. Just use grep to find the file you're looking for. If the database server is a Windows machine, look at ECHO %ORACLE_HOME% at the command prompt and proceed from there.

Categories : SQL

getting date fields from oracle in correct format using Python and cx-oracle
You can use strftime. For example: >>> import datetime >>> print datetime.datetime.now().strftime("%Y-%m-%d %H:%M") 2013-08-13 13:10 In your case, this can make it: strftime("%d-%b-%Y") where: %b locale's abbreviated month name (e.g., Jan) %d day of month (e.g., 01) %Y year

Categories : Python

In SAS, how do I connect to a remote Oracle database by specifying the IP address of the Oracle's host?
To use SAS/Access to Oracle on your server "A", that server must have the Oracle networking client software installed and configured. Normally that is managed by an Oracle administrator on that server. It can be as simple as adding an entry into the tnsnames.ora file on your server that "points" to the Oracle instance running on your Windows machine "B". The details of what needs to be added should come from your Oracle DBA. Once you can successfully connect to that Oracle environment from your server "A" (using something like sqlplus or testing with the tnsping command), SAS will use the same connection. The point is that this does not have anything directly to do with SAS; you must set up the environment first. However, note that there are certain posit-installation steps that must

Categories : Oracle

Connect Oracle Forms builder to Oracle XE database, both 10G
You need to configure your DevSuiteHome environment to look at your OracleXE tnsnames.ora, or copy the tns entry from the OracleXE environment to the DevSuiteHome one... In my environments, I just set the TNS_ADMIN registry key in DevSuiteHome to point to the OracleXE TNS_ADMIN directory...

Categories : Oracle

Difference in oracle 11.2.0.1.0 and oracle 11.2.0.2.0 while inserting a value into the table using sequence
The problem may have to due with the fact that NOORDER is the default with Oracle Sequences, especially if you're running a RAC environment. http://docs.oracle.com/cd/B12037_01/server.101/b10759/statements_6014.htm I've learned that with Sequences, if I want to guarantee that they be sequential I usually have to add the following keywords when creating the sequence: CREATE SEQUENCE m1_id_sq ORDER NOCACHE; Edit to refer to above comments: As noted by Alex Poole in the comments above: "This shouldn't really matter anyway - you'll get gaps in sequences for other reasons so you shouldn't rely on it starting with 1" The NOORDER being the default for sequences explains this issue. Alex Poole also noted a known issue: Oracle Note 1050193.1 (requires an Oracle Support account) rela

Categories : Oracle

Why would Oracle.ManagedDataAccess not work when Oracle.DataAccess does?
Try to add the path to tnsnames.ora to the config file: <?xml version="1.0" encoding="utf-8" ?> <configuration> <oracle.manageddataaccess.client> <version number="4.112.3.60"> <settings> <setting name="TNS_ADMIN" value="C:oracleproduct10.2.0client_1NETWORKADMIN" /> </settings> </version> </oracle.manageddataaccess.client> </configuration>

Categories : C#

How do I export a 'database' from Oracle 11g XE and import it to Oracle 10.2?
EXP and IMP are ancient - do not use them unless you absolutely have to. They cannot handle some of the features of newer Oracle versions. The tools of choice are EXPDP and IMPDP (short for EXP datapump and IMP datapump). Unfortunately, using them is a little more complicated, because you can run them only on the database server (contrary to old-style EXP/IMP, which you could run from any client computer). So, to get your schema from the 11g source DB to the 10g target DB, you'll have to: open a terminal session on the 11g DB server run expdp with version set to 10 (so you can import it on the 10g server) copy the dump file fom the 11g server to the datapump directory of the 10g server (look for a directory called "dpump") open a terminal session on the 10g DB server run impdp with

Categories : Windows

Re-qwrite Oracle SQL using ANSI Oracle
Apart from the missing ON keyword for the LEFT OUTER JOIN, your query should be fine: SELECT emp_no, (SELECT emp_title FROM hr_v_employee WHERE organization_code LIKE SUBSTR(emp.depart_code, 0, 4) || '00' AND emp_position_code = (SELECT MIN(emp_position_code) FROM hr_v_employee WHERE organization_code LIKE SUBSTR(emp.depart_code, 0, 4) || '00')) || ' ' || NVL(employee_deptartment, '-') employee_deptartment FROM employees e LEFT OUTER JOIN employee_details o ON emp.emp_no = o.emp_no P

Categories : SQL

oracle -- Split multiple comma separated values in oracle table to multiple rows
Can use the below query to convert comma separated values in rows SELECT trim(x.column_value.extract('e/text()')) COLUMNS from t t, table (xmlsequence(xmltype('<e><e>' || replace(valuestring,':','</e><e>')|| '</e></e>').extract('e/e'))) x );

Categories : SQL

How to compare new value with the previous value in oracle form field when try to edit the paticular field in oracle
If I understand your description correctly, you want the form field to be editable only if the current value (retrieved from the row currently stored in the database, I presume) is NULL or in the future. To do that, I'd put some logic in the POST-QUERY trigger to disable the item, e.g. IF :MYBLOCK.MYDATEITEM <= SYSDATE THEN SET_ITEM_PROPERTY('MYBLOCK.MYDATEITEM', ENABLED, PROPERTY_FALSE); END IF; There are other ways of doing the same thing, e.g. by setting the following properties: IF :MYBLOCK.MYDATEITEM <= SYSDATE THEN SET_ITEM_PROPERTY('MYBLOCK.MYDATEITEM', NAVIGABLE, PROPERTY_FALSE); SET_ITEM_PROPERTY('MYBLOCK.MYDATEITEM', INSERT_ALLOWED, PROPERTY_FALSE); SET_ITEM_PROPERTY('MYBLOCK.MYDATEITEM', UPDATE_ALLOWED, PROPERTY_FALSE); END IF;

Categories : Oracle

Unable to connect to Oracle 11g using node-oracle driver for Node.js: are they compatible?
The solution was to use a recent patch to the module that hasn't been released yet. The current release is 0.3.1 of node-oracle. That version does not have the TNS support fix. If you check out the latest code for the module from github to a new directory and build it there ('npm link' in that directory) and then do npm link oracle from your project directory you will get the new version with the fix. We had to work through a number of permission problem which are most likely platform specific so I won't delve into those here. I have requested that the authors of the module release this patched version soon presumable as 0.3.2.

Categories : Node Js

Read Oracle stored procedure interface by procedure name using Oracle's .NET client
All relevant information about procedure/function parameters is located in the metadata view ALL_ARGUMENTS. For example: SQL> CREATE PACKAGE somePackage AS 2 PROCEDURE someProc (p_arg1 NUMBER, p_arg2 OUT VARCHAR2); 3 END; 4 / Package created SQL> SELECT package_name, object_name, position, argument_name, data_type, in_out 2 FROM user_arguments 3 WHERE package_name='SOMEPACKAGE'; PACKAGE_NAME OBJECT_NAME POSITION ARGUMENT_NAME DATA_TYPE IN_OUT ------------- ------------ --------- -------------- ---------- --------- SOMEPACKAGE SOMEPROC 1 P_ARG1 NUMBER IN SOMEPACKAGE SOMEPROC 2 P_ARG2 VARCHAR2 OUT

Categories : Dotnet

Need help in converting the clob to varchar in oracle, I have to use the varchar in case function of oracle
Unfortunately SQL in Oracle supports varchars up to 4000. Your function won't work in SQL queries. You can upgrade to oracle 12c which increases this limit up to 32767 characters. However there is a simple workaround that works on 11g, here is an example of CLOBs pivot for 3 columns: SELECT (select val from xx where rowid = a_rid ) a, (select val from xx where rowid = b_rid ) b, (select val from xx where rowid = c_rid ) c from ( select max( case key when 'A' then rowid end ) a_rid, max( case key when 'B' then rowid end ) b_rid, max( case key when 'C' then rowid end ) c_rid from xx ); Here is SQLFiddle demo with 3 strings, each of them contains 7996 characters. A result row in this demo is very wide, it has over 150 "horizontal

Categories : Oracle

java.lang.ClassCastException: oracle.sql.CLOB cannot be cast to oracle.sql.CLOB
I fixed the problem. Posting this answer, hoping it might be useful to someone. When I was checking the instance type of the CLOB retrieved by the query, it came up as oracle.sql.CLOB. So I assumed it must have been a version mismatch of ojdbc.jar. I checked my project a gazillion times for multiple copies of the ojdb.jar. There were none. Finally it turned out to be a clash between hibernate and ojdbc. I changed the reference to java.sql.Clob. Hibernate uses java.sql.Clob. This resolved the problem.

Categories : Java



© Copyright 2017 w3hello.com Publishing Limited. All rights reserved.