I have tried to register an account from Pidgin chat client to Mongoose Instant Messaging server. But, I would like to confirm whether the account has been registered successfully in the server ? Could any one please let me know, where I can see all the registered account details in the Mongoose Instant Messaging server ?
You can see the registered users in your server with the command
mongooseimctl registered_users localhost
Assuming you have access to the server where mongooseim is installed.
Related
In our organization we have 3 servers running on aws, one of linux main server with ldap account manager (LAM) configured on it. And other two are (linux client server and windows server). I've configured linux client server with (LAM) and also able to authenticate (lAM users with linux client server) but facing issue in authentication of LAM users with windows server ec2 machine. please help me in this regard if community has better solution for it. thanks!!!
i tried different methods just like Microsoft AD domain service but not get result
just want to know want do I need to license with RDS CAL based on the work flow below. We have this Server A where users connect to it to select the application they want to access by login their credentials. Once the users was approved on Server A it will communicate with Server B (where application
and RDSH also installed) to server the application needed by the user. Server A uses it's own account when communicating with RDSH server. My question is do I need RDS User CAL for those users or just the RDS Device CAL is enough?
I am trying to understand better how Kerberos is integrated in Active Directory but I couldn't find a clear answer to this question from the Microsoft documentation.
I understand the process of getting a service ticket to a service from the KDC: client presents his TGT to the KDC along with a request to a specific service, the KDC will send back a service ticket to the client and the client uses this service ticket when accessing the service.
My question is: can I configure the KDC (Active Directory) to refuse to grant a service ticket to specific services for specific users/groups ?
I've tried to search the web for this and play around with configurations in order to achieve this, but I am beginning to suspect that the service ticket only role is to tell the service that "this user is indeed from the legitimate domain" and therefore a service ticket can be given to anyone on the domain. So for example in the case of CIFS (file server) even if I remove all shares from a computer, I can still see that every user can see this computer (i.e via \computer) and by running "klist tickets" I also see that they are granted a ticket to the CIFS service for "computer" even when they can't see any shared folder or drive on it. So specifically in this example, can I somehow make it so that a specific user will never be given a "CIFS" type service ticket for this computer ?
Not with Kerberos. It has been designed for authentication only. You wan't authorization. This is a different problem area.
This is non-trivial to setup but with Windows Server 2012 R2 AD, this is possible to do. Take a look at Authentication Policies & Siloes - http://technet.microsoft.com/en-us/library/dn486813.aspx
I have an cloud sql instance up and running and have made a link using a jdbc driver to the instance ip using android studio project. I can successfully run queries from an ip address that I insert manually into the google cloud sql settings and not any other network. This makes my app accessible only from certain ip addresses. Is there a way i can authenticate my google cloud sql to all ip addresses. I do not wish to use the google app engine if possible as I believe it will only complicate my application. My app works well enough is there an easy way to access my sql from any network having supplied my username and password in the code itself?
You can use the console to authorize 0.0.0.0, which will allow connections from any IP address. However, this is not necessarily a good solution. If you embed your database's username and password in your Android app, it can be found by someone else taking apart the apk. If they do that, they will then have complete access to your database. It is more complicated, but you should put some kind of server in front of your database, and have the user authenticate with that server/application, and only have that server communicate directly with your database.
Can a computer that is NOT a part of the domain (but is on the network) authenticate against to a web site published by IIS8 where the authentication for that site is "Windows Authentication" only with a single provider of "Negotiate:Kerberos" (and with Kernel-mode authentication disabled)?
I ask because I am trying to do just this, but I cannot get past the authentication to the site (yet alone trying to pass the authentication to the database). I see the "WWW-Authenticate: Negotiate" header on the response to the client, but the client only ever seems to send a "NTLM Type1: Negotiation" (NTLMSSP) in the subsequent (re)requests. Either that or I am interpreting the results from Fiddler2 incorrectly!
I am using Kerberos as most of the clients will be domain computers and I need to pass user credentials from the web application back to the database. I was hoping that I would be able to do the same with non-domain computers and they would simply be prompted for a username/domain/password that would be validated and converted to a Kerberos ticket on the server.
Note that for testing purposes, Windows 8 is both the server and the client. In production, the server will be Windows 2008 Server R2 and the client will be primarily Windows 7 (though there will be some Windows 8 clients).
Kerberos will not work on accounts/computers which are not part of the domain.
You have two options to achive your goal:
Request the user data with Basic auth and pass that to LogonUserEx. See this for answers.
Authenticate the user by other means and use S4U2self (protocol transition).