Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation are likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used platforms.

1136 questions

4 votes, 1 answer

Apache kerberos authentication to Active Directory not happening. (Is KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN related?)

My goal is to have Apache authenticate against AD, without prompting for a username and password, using Kerberos. It currently always shows "401 Unauthorized", and appears to be not trying Kerberos. I can't find any error logs, and can…

4 votes, 0 answers

GSSAPITrustDns option missing from OpenSSH-6.7

I need to use the GSSAPITrustDns option to connect to a round robin service using Kerberos authentication. This works correctly using OpenSSH 5.3 and 6.6.1p1 on a selection of machines. I have an Arch Linux machine that has OpenSSH 6.7 and my…
Morphit

4 votes, 2 answers

Joining a NetApp to a domain on a Read Only Domain Controller

I have an isolated network, into which I've built a vfiler. The point of this network is that it's a non routed 'test' network. However, there's a need for LDAP/Kerberos and CIFS access to the filer, via domain level accounts. So we have Read Only…
Sobrique

4 votes, 1 answer

Kerberos-PAM authentication failure: pam or pre-authentication

kinit -p 'username' works -- no problem with the setup of the Kerberos realm. I can't get the login from the GUI to work, however. Client auth.log: pam_krb5(gdm3:auth): user authenticated as @ gkr-pam: error looking up user…
Aroll605

4 votes, 0 answers

Cannot enable GSS-TSIG updates from Active Directory in BIND 9.10

I’m having a problem trying to enable GSS-TSIG with BIND 9.10. Before I start describing what I’ve done, I would like to say that I’ve already done this in another domain without any problems. So I think I’m missing something very specific. If…
Vinícius Ferrão

4 votes, 1 answer

FreeIPA: command-line tools do not work, 'No Kerberos credentials available'

We have a working FreeIPA installation; it has been in production since February. Almost everything works as expected, but when we try to run command-line FreeIPA-related tools none of them work: [admin@ipa ~]$ kinit admin Password for admin@EXAMPLE.COM:…
Alex

4 votes, 1 answer

Kerberos, .k5login and sudo

Background: I am using a Debian 7 system which I have integrated with an LDAP+Kerberos system using libnss-ldap, libpam-krb5 and nscd. I have modified sudoers to permit an LDAP group the right to sudo and gain super-user privileges. Hence, I can log…
Cosmic Ossifrage

4 votes, 1 answer

SSH authentication mode selection

I am trying to figure out the SSH mechanism used while I try to ssh onto a production host. I see that the SSH client can choose among the available modes. But I'm not sure which mode is chosen and how. The SSHServer side sshd_config is configured…
broun

4 votes, 4 answers

How to reset Keytab for FreeIPA Server and Client

I followed the standard documentation to install FreeIPA server and client on hosts 'SRV' and 'CLT' respectively. I then added a user 'X' to FreeIPA using Web UI. Now when I try to SSH as X to CLT, I get a 'Permission denied, please try again.'…
Quest Monger

4 votes, 1 answer

How can I force sudo to accept a user's AD password on RHEL6

In our environment we do not join Linux boxes to the Microsoft Domain. We do however set up Kerberos. This allows us to log into the boxes using our AD credentials as long as there is a local account with the same name. However, when I use sudo it…
CJONES

4 votes, 2 answers

Is there a way to have TortoiseSVN use Windows 7 Kerberos tickets to auth against an Apache SVN server?

I have PuTTY able to use GSSAPI on my Windows 7 x64 clients against Kerberos logins for SSH. I.e. it forwards the ticket you get when you log in to Windows. I can't figure out how to get TortoiseSVN to do the same. I can get it to prompt me for my…
jmp242

4 votes, 2 answers

Web app running as NETWORK SERVICE can connect to SQL Server but Windows service running as LOCAL SYSTEM cannot

I have installed a .NET web application on a Windows Server 2003 IIS server, running in an Application Pool as NETWORK SERVICE and connecting to SQL Server on a different machine using Integrated Security. The SQL Server machine is also running…
Rory

4 votes, 0 answers

Server not found in Kerberos database while getting credentials for imap

When running kvno imap/prueba-mail.ejemplo.org@EJEMPLO.ORG I get the following error: kvno: Server not found in Kerberos database while getting credentials for imap/prueba-mail.ejemplo.org@EJEMPLO.ORG I show the settings and steps taken as well as…
Maria José

4 votes, 1 answer

Kerberos says there is no KDC at my server's location while getting initial credentials

This is probably some stupid error I've overlooked, but I've been working on this on and off for about a week. Running version 1.10.3 release 17.fc18 This is my krb5.conf [logging] default = FILE:/var/log/krb5libs.log kdc =…
Niles

4 votes, 1 answer

Kerberos CIFS multiuser mount from AD PDC

I'm trying to mount a CIFS folder on an Ubuntu server with multiuser support from a Windows DC. I can get user Kerberos tickets as root on the server and mount the directory with Kerberos without any problems. But I don't want to mount the directory…
Meiko Watu