Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation are likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used platforms.

1136 questions

3 votes, 0 answers

Is there any way to get an AD bound linux system to mount home directories from a Windows server?

We've been experimenting with integrating linux systems into what is largely a Windows domain, with a Windows-based Active Directory server. After considerable trial and error, we have successfully configured sssd (on RHEL, CentOS, and Ubuntu) to…
pgoetz

3 votes, 3 answers

What is the minimum action required in order to have access to a newly authorized server folder

I hope I'm at the right place (right stack exchange website). If not please tell me the right one. I got new rights on a folder on a Windows server by being added to Active Directory Group for which I didn't have access. But although I had rights, I…
Eric Ouellet

3 votes, 1 answer

Why is '-o sec=krb5p' unnecessary in the mount command?

I have a nfs server on Centos 7 with this in the /etc/exports file: /export *(rw,sec=krb5p) When I issue this command, it mounts successfully, as expected: mount -t nfs -o sec=krb5p server.example.com:/export /mnt/export It also mounts successfully…
SauceCode

3 votes, 2 answers

Use cases for kerberos credential cache type MEMORY?

One of the credential cache types offered by MIT Kerberos is MEMORY. According to the documentation it is used by kadmin. MEMORY caches are for storage of credentials that don’t need to be made available outside of the current process. For example,…
rlf

3 votes, 1 answer

How to change ccache type of MIT Kerberos

The MIT Kerberos Documentation lists seven different ways to store Kerberos credentials: API DIR FILE KCM KEYRING MEMORY MSLSA At the moment my Kerberos setup is storing credentials in a file in the /tmp directory. In my krb5.conf file the…
arne.z

3 votes, 2 answers

Is there a way to query the realm of a kdc?

I've been trying to configure kinit to authenticate against a Windows Active Directory PDC. But keep getting the result: kinit: Realm not local to KDC while getting initial credentials My krb5.conf has: [libdefaults] clockskew = 300 …
user55570

3 votes, 0 answers

How can I test network connectivity to a Kerberos KDC (UDP/88)

How can I test network connectivity to a Kerberos KDC (UDP/88)? Does Kerberos have a standard way to communicate that gives any output? HTTP for example, nc -v google.com 80 GET will dump the website nc -v smtp.gmail.com 587 ehlo…
Jacob Evans

3 votes, 5 answers

Automatic Kerberos Host Keytab Renewal with SSSD

Has anyone here seen their Linux servers removed from AD domain due to expired machine credentials? We are using AD authentication with sssd-1.13.3-56.el6 (Centos 6) Per "https://bugzilla.redhat.com/show_bug.cgi?id=1290761", sssd should be able to…
BBDG

3 votes, 0 answers

Centos 7 SSSD based user access stops working after AD password change

We use SSSD to provide AD authentication, and kerberos TGT acquisition, on Centos 7.3 build 1611. This works correctly for 99% of users most of the time, but we've hit an issue where post-password change (via Windows PC), a single user can no longer…
SiCole99

3 votes, 1 answer

Unable to mount kerberized nfs?

I want to configure kerberized nfs, and export /data/books I have 3 servers: ipa, server, client I configured ipa and added nfs service. My Steps are: In ipa: ipa service-show nfs/server.linux.rhce.com ipa-getkeytab -s ipa.linux.rhce.com -p…
heaprc

3 votes, 1 answer

kinit: Cannot find KDC for realm

I'm trying to configure samba4 as a domain controller following the samba wiki /etc/resolv.conf : domain transbekk.lan nameserver 192.168.1.1 nameserver 192.168.1.254 /etc/hostname : domain.transbekk.lan /etc/samba/smb.conf # Global parameters [global] …
Mezoo

3 votes, 0 answers

Does the logging section in krb5.conf work on the Kerberos client?

Client /etc/krb5.conf: ... [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log ... Kerberos client worked, but log files are empty... write permissions on files granted to all.
jBee

3 votes, 1 answer

Kerberos service on win2k dc will not start following disk failure

I have a win2k (mixed mode domain) with 4 DCs. One of these also acts as an exchange 2000 server which uses 2 logical volumes from an MSA 2000 array. AD etc is stored on local drives. We experienced a problem last week when the raid array fell back to…
iwilson68

3 votes, 1 answer

Kerberos "Server not found in kerberos database" using SSH and -K Flag to Linux Machine joined to AD

I have a situation where I am attempting to take advantage of GSSAPI (Kerberos) forwarding to connect to another Linux server that is also joined to a Windows AD and using SSSD. The Linux machines are joined to the domain using a different machine…
Thomas Farvour

3 votes, 1 answer

Configuring Google Chrome to Connect to AD Configured with Kerberos and Using ADFS

I'm trying to configure Google Chrome (and Firefox) to authenticate using Active Directory tunneled through ADFS SAML/Kerberos Endpoints and an Apache application using Shibboleth. Here are some settings I have inside each machine. Active Directory…