[krbdev.mit.edu #9140] Kerberos Linux to Windows authentication broken

[Yevhenii Lavrenchuk via RT]

Wed Sep 18 18:02:55 2024: Request 9140 was acted upon.
 Transaction: Ticket created by y.lavrenchuk at sana-commerce.com
       Queue: krb5
     Subject: Kerberos Linux to Windows authentication broken
       Owner: Nobody
  Requestors: y.lavrenchuk at sana-commerce.com
      Status: new
 Ticket <URL: http://kerborg-prod-app-1.mit.edu/rt/Ticket/Display.html?id=9140 >


Dear Kerberos team,

Recently, we've faced the issue in our application that it can't authenticate Windows server using NTLMSSP authentication method.
Our application is hosted on Alpine Docker image 3.20. There is a krb5-1.21.3-r0 package installed there.
Previously we've used Alpine 3.18 + krb5-1.20.2-r0 and it worked fine and still working fine.
Also there is gss-ntlmssp(https://github.com/gssapi/gss-ntlmssp) package that was built manually (since there is no such package for Alpine) and placed inside the Docker image.

Our application is just throwing error "Authentication validation failed with error - InvalidToken.".
I've tested this on PowerShell as well and faced the same error: "Invoke-RestMethod: Authentication validation failed with error - InvalidToken."

Do you have any resolution or maybe some pinpoints to get to resolution of it?

Thank you in advance.

Kind regards,

Yevhenii Lavrenchuk | Senior DevOps Engineer

www.sana-commerce.com<http://www.sana-commerce.com/>

[cid:image001.png at 01DB09D3.3AECF9C0]<https://www.sana-commerce.com/>

Follow us on: LinkedIn<https://www.linkedin.com/company/sanacommerce/> | Twitter<https://twitter.com/sanacommerce> | Facebook<https://www.facebook.com/sanacommerce> | YouTube<https://www.youtube.com/sana-commerce>


-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 17503 bytes
Desc: not available
URL: <http://mailman.mit.edu/pipermail/krb5-bugs/attachments/20240918/038a933d/attachment-0001.png>