Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation is likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used paltforms.

1136 questions
3
votes
1 answer

Kerberos Ticket Expiry what happens?

I have noticed a couple of messages about my Kerberos credentials expiring. What does this actually mean and what will happen when they expire? How do I renew them? Is it just a case of logging in again? -bash-3.00$ Message from…
pjp
  • 133
  • 1
  • 6
3
votes
1 answer

"net ads join" fails in puppet exec but runs OK directly from command line

I have the following exec that joins a Linux (CentOS 6) host to an Active Directory domain. When run as root from the bash terminal, it runs successfully and the host is joined to the AD domain properly. However, when run in puppet, the net ads…
Banjer
  • 3,854
  • 11
  • 40
  • 47
3
votes
3 answers

Completely uninstall Kerberos on Ubuntu Server

I am experimenting with Kerberos and messed up the installation. I've tried editing the config files but have had no joy in resolving my problems which currently consist of not being able to initialise the realm and not being able to create an admin…
Ashley Bye
  • 131
  • 1
  • 1
  • 5
3
votes
0 answers

How Does an Exchange Alternative Service Account Credential work?

I recently had to assist with setting up an Exchange Alternative Service Account (ASA) credential on an Exchange CAS array. We did get the ASA working properly however I have some questions about how ASA Credientials work under the hood. The…
lowteq
  • 31
  • 2
3
votes
2 answers

mounting windows shares on linux while keeping windows permissions

I have a windows share on a windows2003 server (WINJOE) which I want to back up to a Linux machine (LINUXJOE) that is properly joined to the domain. My goal is to backup shared folders of WINJOE to LINUXJOE while keeping windows permissions/owners.…
manjiki
  • 350
  • 3
  • 11
3
votes
1 answer

IIS Kerberos authentication

On windows 2003 using IIS 6, we are trying to set up Kerberos authentication. This is working to some extent. I have setup a separate application pool with a service account. When ever I use this application pool with the pplinfo service account the…
Antony Delaney
  • 145
  • 5
3
votes
2 answers

Root access to kerberized NFSv4 host on Ubuntu

I have a kerberized NFSv4 setup working well under Ubuntu for regular users, but I cannot get it working for root. For most systems, I do not want to allow root access, but I have a couple servers where root access over NFS to this file server is…
nrb
  • 93
  • 1
  • 6
3
votes
1 answer

Duplicate SPNs causing NTLM fallback

I have duplicate SPNs which are threatening to downgrade the authentication from Kerberos to NTLM showing in the event viewer. How can I safely remove the duplicate SPN's for a SQL account? I have verified these duplicates using setspn -X. The SQL…
user182599
  • 31
  • 1
  • 2
3
votes
1 answer

replace Lock screen with Switch Account screen

User successfully logs in as user@EXAMPLE.COM . User is then mapped to user@ad.example.com via altSecurityIdentities: Kerberos:user@EXAMPLE.COM When the user locks the screen, the lock screen is for user@ad.example.com, which the user does not have…
84104
  • 12,698
  • 6
  • 43
  • 75
3
votes
1 answer

SPNs and Kerberos Delegation

I would like to check my understanding. This is a fully hypothetical scenario below as I am currently studying for a certification. I have an IIS App Pool with a basic website, which accesses data from a SQL Backend. I want to setup Kerberos…
PnP
  • 1,684
  • 8
  • 37
  • 65
3
votes
1 answer

How to enable Kerberos Authentication Service auditing on 2008 server

I have a 2008-level Windows domain running 5 x 2008 (non-R2) DCs (it's on the roadmap to migrate to R2 or possibly 2012 in the next 9-12 months, but this project needs to be working first), and I need to enable Kerberos Authentication Service events…
Jon Heese
  • 147
  • 1
  • 2
  • 13
3
votes
2 answers

Meaning of Kerberos e-data field value

I'm using Kerberos on Windows (non-Windows software generates the token) and have been trying to debug a problem. In a network trace, I can see KRB5KRB_ERR_GENERIC is being returned by the IIS server. The e-data field is supposed to contain a…
snibbets
  • 131
  • 1
  • 7
3
votes
1 answer

Kerberos authentication failing with 401

We have a .NET MVC 3 application deployed in IIS 7 on our Windows 2008 server (let's call it PROD). The application has Anonymous and Windows Authentication enabled - all others are disabled. The authentication providers specified in…
user155019
  • 31
  • 1
  • 1
  • 2
3
votes
1 answer

SSO with Apache and Kerberos issues

I am trying to set up SSO on my Apache web server using Kerberos so that users logged into the local domain are recognised and logged in immediately. I have followed this guide to the letter but I cannot get rid of the user/password prompt once…
tbh1
  • 131
  • 1
  • 1
  • 3
3
votes
3 answers

Unified Authentication between Windows AD and Linux LDAP Server

Does anyone know of a solution that would allow me to do user account synchronization between Windows Active Directory and an LDAP Server hosted on a Linux Server? I'm currently looking at FreeIPA (www.freeIPA.org) and 389DS…
user150502
1 2 3
75 76