Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation is likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used paltforms.

1136 questions
3
votes
2 answers

How do I configure an ldap server on ubuntu 11.04 ? (for use with subversion and trac)

I have an Ubuntu server 11.04 on ec2 (I'm mentioning this, as it appears things have changed in this version from previous ubuntu releases, when it regards LDAP configuration). I want to configure it as a subversion server with trac, for private…
Doron
  • 543
  • 1
  • 6
  • 14
3
votes
1 answer

Fallback authentication if mod_auth_kerb fails

Is there a way for Apache to fall back to a different authentication method if Kerberos authentication (for some reason) fails? The order of the authentication methods should be: Kerberos Active Directory RSA token The RSA token authentication is…
Ian
  • 31
  • 1
  • 2
3
votes
3 answers

Risks involved in setting up Kerberos authentication for WSS Reporting Services

We have an established Intranet based on WSS with two front ends and a database. Currently all authentication is NTLM. We have installed Reporting Services In Integration Mode. RS works as long as the web front end that has RS installed on it…
Mesh
  • 213
  • 3
  • 10
3
votes
2 answers

Kernel-mode Authentication: 401 errors when accessing site from remote machines

I have several Classic ASP sites that use Integrated Windows Authentication and Kerberos delegation. They work OK on the live servers (recently moved to a Server 2008/IIS7 servers), but do not work fully on my development PC or my development…
CJM
  • 730
  • 2
  • 12
  • 28
3
votes
1 answer

Use a preferred username but authenticate against Kerberos principal

What I desire to do should be pretty simple. I have an Ubuntu 10.04 box. It's currently configured to authenticate users against a kerberos realm (EXAMPLE.ORG). There is only one realm in the krb5.conf file and it is the default…
Jason R. Coombs
  • 1,000
  • 1
  • 10
  • 18
3
votes
1 answer

NTLM, Kerberos and F5 switch issues

I'm supporting an IIS based application that is scaled out into web and application servers. Both web and applications run behind IIS. The application is NTLM capable when IIS is configured to authenticate via Kerberos. It's been working so far…
G33kKahuna
  • 289
  • 1
  • 4
  • 10
3
votes
1 answer

How to debug ssh authentication failures with gssapi-with-mic

when i ssh to DOMAIN\user@localhosts-name authentication works fine through gssapi-with-mic: debug3: remaining preferred: gssapi,publickey,keyboard-interactive,password debug3: authmethod_is_enabled gssapi-with-mic debug1: Next authentication…
Arthur Ulfeldt
  • 3,219
  • 9
  • 31
  • 40
3
votes
1 answer

Oracle with Kerberos authentication and Windows 2003 Server as KDC

I am running Oracle 10.2 on a Windows 2003 Server SP2 which is also the domain controller on the network. I wish to switch authentication method from NTS to Kerberos. I have spent a lot of time trying to configure Oracle with Kerberos authentication…
Supaplex
  • 31
  • 1
3
votes
0 answers

Extremely slow NFS openat performance

I've installed an NFS server on Ubuntu 20.04 and a FreeIPA Ubuntu 20.04 client with the users home directories served by the NFS server. Performance is extremely slow when accessing files. When I strace the process with time spent in syscalls, I…
YuvGM
  • 153
  • 4
3
votes
0 answers

SSH login not working with Kerberos

I am trying to perform SSH login using Kerberos authentication. Instead of Kerberos, password is prompted for login. There are three computers : client, kdcserver and service (SSHD server). Client is trying to login to service using…
khopdi
  • 31
  • 2
3
votes
0 answers

id: user: no such user

I'm using Centos 7 to authenticate locally Active directory users using kerberos. I joined the realm with the Administrator and i can login/ssh through it/with it, nslookup working fine, and adcli info is working. When i create another user called…
Gopal
  • 31
  • 1
  • 2
3
votes
1 answer

NFS/krb5 authentication server lookup fails due to wrong principal name

When mounting an NFSv4 with Kerberos, authentication fails and krb5kdc.log shows the wrong principal name for the NFS server. LOOKING_UP_SERVER: ... host/nfsclient.internal.domain.tld@IPA.DOMAIN.TLD for…
ifndef
  • 31
  • 1
3
votes
1 answer

How to use Windows Kerberos ticket in WSL and/or Docker

I don't know much about Kerberos authentication, I just have some basic experience with configuration and usage. Recently I noticed that Windows has a built-in Kerberos implementation that is configured. So when I run klist in PowerShell, I get a…
SchLx
  • 131
  • 1
  • 4
3
votes
0 answers

How to run kinit as root before automounting mutiuser cifs mounts?

Goal I'm setting up multi-user CIFS mounts in an Active Directory environment under CentOS 8.2. The storage server supports SMB3.1.1 protocol. Prerequisites I could easily integrate the system to the Active Directory and I've edited SSSD…
MauvaisJoueur
  • 31
  • 3
3
votes
0 answers

What is the practical difference between krb5-self and krb5-subdomain in BIND9 update-policy statement?

What is the practical difference between krb5-self and krb5-subdomain policies in BIND9 on update-policy statement while dealing with dynamic DNS updates on zones? From the BIND9 documentation it states the following: krb5-self: This rule takes a…
Vinícius Ferrão
  • 5,400
  • 10
  • 52
  • 91
1 2 3
75 76