Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation is likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used paltforms.

1136 questions
4
votes
1 answer

Active Directory Kerberos issue KDC_ERR_S_PRINCIPAL_UNKNOWN

We are implementing a system where our clients are Windows XP and our server is Windows Server 2008 R2. Ours clients use DCOM to connect COM+ components in our Windows 2008 Server. It works fine when the user defined in our COM+ package is a local…
Simon
  • 43
  • 1
  • 3
4
votes
2 answers

Is there a Kerberos testing tool?

I often use openssl s_client to test and debug SSL connections (to LDAPS or HTTPS services). It allows me to isolate the problem down to SSL, without anything getting in the way. I want to do something similar with Kerberos. I would like to use a…
ixe013
  • 928
  • 2
  • 7
  • 25
4
votes
1 answer

Kerberos issues after new server of same name joined to domain

Environment: Windows Server 2012, 2 Domain Controllers, 1 domain. A server called Sharepoint1 was joined to the domain (running Sharepoint 2013 using NTLM). The fresh install for Sharepoint1 (OS and Sharepoint) is performed and set up for Kerberos…
MentalBlock
  • 41
  • 1
4
votes
2 answers

Setting up a Mac Mountain Lion NFS client to securely access Debian NFS server

Okay, I’m going just about insane here. Trying to set up an OS X (10.8.2) NFS client to connect to Debian (6.0.6) nfs server. I’ve mostly been following instructions here: https://help.ubuntu.com/community/NFSv4Howto which are very thorough.…
andrewf
  • 271
  • 1
  • 3
  • 8
4
votes
0 answers

Grant Kerberos Constrained Delegation to SQL Server 2012 running as Managed Service Account

I can't see how to grant Kerberos Constrained Delegation for a service identified by a Managed Service Account. I have a Windows 2008 R2 functional level single domain single forest, two 2008 R2 SP1 DCs, newly built. I have installed my new SQL…
Alasdair C-S
  • 329
  • 1
  • 7
4
votes
2 answers

Apache: how to set custom 401 error page and save original behaviour

I have Kerberos-based authentication with Apache/2.2.3 (Linux/SUSE). When user is trying to open some url, browser ask him about domain login and password like in HTTP Basic Auth. If user cancel such request 3 times Apache returns 401 Authorization…
petRUShka
  • 293
  • 1
  • 5
  • 16
4
votes
1 answer

Firefox not using Kerberos despite being configured to

I am deploying Linux/Firefox on a corporate Kerberos network. I followed this Kerberos-on-Firefox procedure but still Firefox does not connect via the company's Kerberos. I am using Firefox 3.0.18 on RedHat EL Server 5.5 Here is what I did: Run…
Nicolas Raoul
  • 1,314
  • 7
  • 22
  • 43
4
votes
1 answer

Credentials can not be delegated - Alfresco Share

I've hit a brick wall configuring Alfresco 4.0.d on Redhat 6. I'm using Kerberos authentication, it seems to be working normally, and single sign on is working on the main alfresco app itself. I've been through the configuration steps to get the…
leftcase
  • 710
  • 3
  • 9
  • 18
4
votes
2 answers

Kerberos authentication through load balancer

I generally understand the problems that a load balancer poses for Kerberos. In fact, Microsoft's KB article outright states that it's not possible. However, this article - also on an MS site - suggests that there are possible workarounds. Has…
bmm6o
  • 245
  • 2
  • 3
  • 6
4
votes
3 answers

Apache2, Kerberos: gss_accept_sec_context() failed: An unsupported mechanism was requested

I want to use Kerberos and Apache 2 on linux with mod_auth_kerb. I added .htaccess to my project with following: #SSLRequireSSL AuthType Kerberos AuthName "Kerberos Login" KrbMethodNegotiate On KrbMethodK5Passwd Off KrbAuthRealms…
petRUShka
  • 293
  • 1
  • 5
  • 16
4
votes
1 answer

How can I inspect why Active Directory can't use kerberos and fallsback to NTLM?

I have been trying to get squid running with kerberos auth for a few days but I'm in some trouble. The problem has been asked and replied many times on both the squid-users list and on the web, I have read them all, and tried to solve the problem.…
Muhammet Can
  • 161
  • 1
  • 6
4
votes
1 answer

Will IE send a Kerberos ticket if not in a Domain?

I'm trying to test a Kerberos-based SSO solution for our Java app. Unfortunately, I don't have a Windows domain at my disposal to do so. I read about the ability to integrate Windows with a standalone, non-Microsoft Kerberos…
Aron
  • 205
  • 2
  • 7
4
votes
2 answers

Multiple SPNEGO authenticated web servers on one host name

I was trying to set up a Java service using the SPNEGO servlet filter and a listen port of 8080 for authentication on a host that is also running web applications hosted in IIS7. I followed the SPNEGO installation instructions and created an SPN for…
themel
  • 274
  • 1
  • 7
4
votes
3 answers

Kerberos Delegation for SQL Bulk insert (access denied)

I have a problem when trying to bulk insert to SQL under the following situation: Running management studio on Workstation A SQL Running on Server B File to bulk upload from located on Server C When ever I try and bulk upload I get the…
Sam Cogan
  • 38,158
  • 6
  • 77
  • 113
4
votes
1 answer

OpenLDAP Setup help: SASL/GSSAPI authentication started

I am trying to setup & configure OpenLDAP on Fedora Core 13. I've gotten as far as compiling and installing OpenLDAP v2.4.23. Whenever I try to run one of the LDAP commands (like ldapsearch), I get the following error message: SASL/GSSAPI…
miCRoSCoPiCeaRthLinG
  • 285
  • 1
  • 5
  • 17
1 2 3
75 76