Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation is likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used paltforms.

RFC Kerberos - http://www.faqs.org/rfcs/rfc1510.html
Kerberos Blogs by AD support team at Microsoft - http://blogs.technet.com/b/askds/archive/tags/Kerberos/
Kerberos blogs by Open Specification team at Microsoft - http://blogs.msdn.com/b/openspecification/archive/tags/Kerberos/
Ubuntu Linux post on Kerberos - https://help.ubuntu.com/community/Kerberos

1136 questions

votes

5 answers

Why use Kerberos instead of NTLM in IIS?

This is something that I've never really been able to answer as well as I like: What is the real advantage of using Kerberos authentication in IIS instead of NTLM? I've seen a lot of people really struggle to get it set up (myself included) and I…

asked Apr 01 '11 at 23:04

Infotekka

votes

2 answers

Can someone please explain Windows Service Principle Names (SPNs) without oversimplifying?

I have wrestled with service principle names a few times now and the Microsoft explanation is just not sufficient. I am configuring an IIS application to work on our domain and it looks like some of my issues are related to my need to configure http…

windows windows-server-2008 security active-directory kerberos

asked Jan 17 '12 at 20:16

Chris Magnuson

3,701
9
40
45

votes

2 answers

What is SASL/GSSAPI?

Numerous times i have met the expression SASL/GSSAPI. I have searched Google many times, but i simply do no understand what it is and how it relate to Kerberos. Anybody that have a simple explanation on this?

linux kerberos sasl

asked May 08 '10 at 19:14

NT332

votes

2 answers

Authenticating OpenBSD against Active Directory

Edit: Reformatted this as Q&A. If anyone can change this from Community Wiki to a typical question, that's probably more appropriate as well. How can I authenticate OpenBSD against Active Directory?

active-directory authentication kerberos openbsd

asked Jun 05 '09 at 01:53

sh-beta

6,756
7
46
65

votes

3 answers

How does Kerberos work with SSH?

Suppose I have four computers, Laptop, Server1, Server2, Kerberos server: I log in using PuTTY or SSH from L to S1, giving my username / password From S1 I then SSH to S2. No password is needed as Kerberos authenticates me Describe all the…

linux ssh authentication kerberos

asked Nov 10 '11 at 19:34

PhilR

votes

6 answers

How do I get /dev/random to work on an Ubuntu virtual machine?

Apparently, /dev/random is based on hardware interrupts or similar unpredictable aspects of physical hardware. Since virtual machines don't have physical hardware, running cat /dev/random within a virtual machine produces nothing. I'm using Ubuntu…

ubuntu virtual-machines kerberos random-number-generator

asked Aug 24 '11 at 05:04

Nick

4,433
29
67
95

votes

2 answers

The Story of secure user-authentication in squid

once upon a time, there was a beautiful warm virtual-jungle in south america, and a squid server lived there. here is an perceptual image of the network: | | …

security authentication ldap squid kerberos

asked Jun 16 '10 at 12:28

Isaac

votes

1 answer

IPA vs just LDAP for Linux boxes - looking for a comparison

There are few (~30) Linux (RHEL) boxes and I'm looking for centralized and easy managed solution, mostly for control user accounts. I'm familiar with LDAP, and I deployed a pilot of IPA ver2 from Red Hat (==FreeIPA). I understand that in theory IPA…

linux ldap kerberos freeipa

asked Jun 16 '13 at 12:57

Vitaly Karasik DevOps

votes

8 answers

How do you find out if Active Directory is using Kerberos or NTLM?

Is there a command line program you can use?

active-directory kerberos ntlm

asked Jun 25 '09 at 20:27

LeWoody

votes

3 answers

Getting Squid to authenticate with kerberos and Windows 2008/2003/7/XP

This is something I setup recently and was quite a big pain. My environment was getting squid to authenticate a Windows 7 client against a Windows 2008 Server invisibly. NTLM is not really an option, as using it requires a registry change on each…

windows-server-2008 active-directory windows-7 squid kerberos

asked Sep 18 '09 at 05:58

Harley

2,177
6
25
29

votes

2 answers

Why don't Active Directory user accounts automatically support Kerberos AES authentication?

I'm playing around with a test domain on Windows Server 2012 R2. I'm operating at the highest possible functional level and have no backwards-compatibility issues in my small test environment. However, I've realized that despite the fact that I have…

active-directory kerberos windows-server-2012-r2 encryption

asked Jul 30 '14 at 04:19

Reid Rankin

votes

4 answers

Linux Central Authentication/Authorization Methods

I have a small but growing network of Linux servers. Ideally I'd like a central place to control User Access, change passwords, etc... I've read a lot about LDAP servers, but I'm still confused about choosing the best authentication method. Is…

linux authentication ldap kerberos authorization

asked Feb 14 '11 at 16:05

Chris McBride

votes

9 answers

Kinit Won't Connect to a Domain Server : Realm not local to KDC while getting initial credentials

I am setting up a testbed environment where Linux (Ubuntu 10.04) clients will authenticate to a Windows Server 2008 R2 Domain Server. I am following the official Ubuntu guide to set up a Kerberos client here:…

linux active-directory kerberos kinit

asked Aug 03 '10 at 19:04

Phanto

votes

5 answers

Kerberos Authentication for workstations not on domain

I have a base understanding of how Kerberos works in an Active Directory environment and the methods it uses to authenticate users and workstations onto the network, but my question is.. since Kerberos relies on issuing a security token that the end…

active-directory domain authentication kerberos authorization

asked Dec 06 '12 at 18:37

Eric

votes

1 answer

Why is MS SQL Server Using NTLM Authentication?

Windows Server 2008 R2. SQL Server 2008 R2 installed. MSSQL Service runs as Local System. Server FQDN is SQL01.domain.com. SQL01 is joined to an Active Directory domain named domain.com. The following is the output of setspn: C:\> setspn -L…

sql-server kerberos sql-server-2008-r2 spn

asked May 17 '14 at 02:50

Ryan Ries

55,011
9
138
197

2 3

…

75 76 Next