Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation is likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used paltforms.

RFC Kerberos - http://www.faqs.org/rfcs/rfc1510.html
Kerberos Blogs by AD support team at Microsoft - http://blogs.technet.com/b/askds/archive/tags/Kerberos/
Kerberos blogs by Open Specification team at Microsoft - http://blogs.msdn.com/b/openspecification/archive/tags/Kerberos/
Ubuntu Linux post on Kerberos - https://help.ubuntu.com/community/Kerberos

1136 questions

votes

0 answers

How to create an SPN for an ADFS server with an alias

I have a colleague who has set up an ADFS server in a test environment and that have given the ADFS server an alias. host name test-server.tdom.com alias test-adfs.tdom.com The server is running under a specific AD user account. The replying party…

kerberos saml

asked Oct 07 '16 at 12:45

GaryF

votes

0 answers

Kerberos ACL to only allow the adding of non-admin principals

Right my sysadmin team is working on automating the creation of user accounts for the new students at my university. The basic idea right now is to have a principal called adduser that can authenticate to our kerberos server, and has the ability to…

kerberos access-control-list

asked Aug 20 '16 at 22:00

jen-rose

votes

2 answers

Can ssh generate a kerberos ticket? (FreeBSD)

TL;DR I want to be able to ssh from a FreeBSD host to a FreeBSD host, using my kerberos ticket generated when I first logged in. Question Environment FreeBSD 10.3 with working openldap-sasl-client, kerberos 5 (not heimdal), sssd, ssh, and joined to…

freebsd kerberos pam

asked Aug 18 '16 at 20:26

bgStack15

votes

3 answers

Provide Samba access based on LDAP info?

I'm trying to get a server set up that provides some file shares to Windows clients, and I'd like it to integrate with an existing authentication framework my school already has set up. There's a Windows LDAP server that holds info about all the…

linux authentication samba ldap kerberos

asked May 13 '09 at 19:32

Tim

1,148
1
14
23

votes

0 answers

Apache userdir over Kerberized NFSv4 mount : Forbidden access

I have set up a practical room dedicated to web development learning. Users accounts are managed by a Samba 4 AD and users files are stored in a central NFS server with exports securised by Kerberos. All work fine : Users can be authenticated by…

kerberos nfs4 apache2 mod-userdir

asked Jul 29 '16 at 15:51

Bruno MACADRE

votes

1 answer

Set up Samba with Active Directory and local user authentication

My main goal is to set up a Samba-Server, to where users can connect to by using their Active-Directory credentials. Additionally, local linux users on the Samba-Server should be able to authenticate. First I tried to configure the Samba-Server to…

active-directory samba centos7 kerberos winbind

asked Jul 26 '16 at 13:17

Soner Kalayci

votes

0 answers

How to connect to remote Kadmin KDC interface?

I have kerberos installed on my Windows Active Directory server however I cannot connect to KAdmin in UNIX. I'm able to create users and principals in Windows, export keytabs to remote linux servers and then kinit successfully. However, I want to…

active-directory kerberos

asked Jul 06 '16 at 11:56

pele88

votes

0 answers

Kerberos Double Hop - SQL2014 HA - MSA's

OK, so i'm at my wits end. We have a system which works perfectly in our UAT environment (not HA) but will not work in live. so the config is: dns A record to iis box binding in iis on :80 to dnsname HTTP/dnsname SPN HA SQL 2014 cluster dynamic…

kerberos sql-server-2014 spn

asked Jun 10 '16 at 18:47

Dan

votes

0 answers

Kerberos-based SSH login requires local user account

I've recently set up a linux system (Debian-Jesse) which has joined an MS-Based Kerberos domain and been set up to allow Kerberos-based authentication for remote access. The only issue is, authentication won't succeed unless there's a matching local…

linux active-directory ssh kerberos pam

asked Apr 13 '16 at 17:17

Wesley Boynton

votes

0 answers

Client to IIS to SQL Server Kerberos authentication

I would like to have a setup where my IIS web server sits on a different virtual server from where my SQL Server is installed, and Windows Authentication should be used for all connections. I am currently getting the dreaded Login failed for user…

windows-server-2008-r2 kerberos iis-8 sql-server-2012

asked Mar 22 '16 at 15:59

Paschover

votes

1 answer

kinit pre-authentication fails

I have a CentOS 6.4 that someone set up a while back. The admin is not sure how he installed it, but it works very well with Kerberos. I used authconfig to set the domain and the Kerberos settings. I use ktpass on a windows domain controller and…

kerberos kinit

asked Mar 04 '16 at 16:06

krb-admin

votes

4 answers

CentOS7 Kerberos Auth: Improper format of Kerberos configuration file;

I'm working on setting up a Squid 4.0 explicit proxy for group based AD authentication against a Active Directory domain (Server 2012 R2) with SSL bumping on a minimal CentOS 7 (64b) install. The domain join was very sketchy using authconfig-tui…

centos security samba squid kerberos

asked Mar 02 '16 at 16:42

beeks

votes

1 answer

Integrating squid with active directory

I am trying to integrate squid as a web proxy for my users in active directory. I have followed the tutorial in the squid site in here. When i run the command : msktutil -c -b "CN=Administrator" -s HTTP/proxy.example.com -k /etc/squid3/PROXY.keytab…

active-directory ldap samba squid kerberos

asked Mar 01 '16 at 15:03

Vini7

votes

1 answer

Migrate logcal linux users to FreeIPA ones

We have several Linux machine (running various versions of Fedora and CentOS, but that should not be relevant) with local users. Most of those local users are the same login name but might have different UID/GID based on when and by whom they were…

linux ldap kerberos freeipa

asked Feb 09 '16 at 07:43

Sardathrion - against SE abuse

votes

2 answers

How to add principals to a keytab when using realmd on CentOS

I joined a server to a MS Active Directory using realmd/sssd. I installed apache with mod_auth_kerb and created a keytab on a windows server. But, I need to add more SPNs to the keytab. I have tried using kadmin, but I get an error: root@server…

active-directory apache-2.4 kerberos centos7 sssd

asked Dec 30 '15 at 11:21

Morten Nilsen

Prev 1 2 3

…

75 76 Next