Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation are likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used platforms.

1136 questions
2
votes
1 answer

SSH, Kerberos, AD: how / where to config /etc/pam.d/password-auth?

I have a CentOS 6 machine here and want to give SSH access for users from another forest, which is trusted. I got a temporary workaround, which is: 1) change content in /etc/pam.d/vncserver to auth include password-auth 2) add these two lines…
Thomasle
2
votes
0 answers

Kerberos - KDC and IIS on same machine

I have one domain controller which must act as Kerberos KDC and an IIS server running on that same domain controller. I need to set up an Integrated Windows Authentication where a domain user can browse the IIS server authenticating with Kerberos. My…
user324139
2
votes
2 answers

MaxTokenSize on Server 2012 R2 and Groups

I fixed an issue yesterday where a 2008 R2 machine did not want to communicate with the DC. I discovered warnings in the event log relating to the Kerberos buffer, so I increased the size in the registry and rebooted the server, voila, issue…
Michael
2
votes
0 answers

Dante with Kerberos configuration across sites

I have a requirement to host a socks proxy in a central location, using Dante. What I've been asked to do is connect remote clients to it across the internet, they'll pass through a gateway routing device that will forward HTTP traffic to Dante, in…
Stephen K.
2
votes
0 answers

Powerbroker Open : Cannot automount CIFS share, where is the kerberos ticket?

I am using Powerbroker Open (formerly Likewise Open) to join CentOS 7 machines to a Windows 2012 R2 domain. Login etc. works fine. Now I am trying to use the automatic mount of home directories via PB's RemoteHomeDirTemplate option - the CIFS share…
trapperjohn
2
votes
0 answers

Obtain Kerberos ticket automatically (on boot) in CentOS 7?

I'm using Ansible to administer a group of Windows servers, with my control machine running CentOS 7.1. I've set up my /etc/krb5.conf file to authenticate to a domain controller so I can use one domain account to authenticate to all of my hosts.…
user305683
2
votes
1 answer

List all kerberized SPNs in Linux

Is there a way to list/show all SPNs in a kerberized AD using a Linux client? In Windows one can use setspn -T -Q */* to get them. Is there something similar? Haven't found anything yet. Or is it even possible? Of course I request a TGT…
Thanathan
2
votes
1 answer

Joining Linux host to Active Directory fails to update Microsoft DNS

I am joining Linux hosts (CentOS 6) to Active Directory using a special bind account. I've granted delegate permissions to this user and when I join on the default Computers OU, a computer object is created and DNS is updated. Now, I've granted…
Python Novice
2
votes
2 answers

Windows 7 versus 8 Access CNAME'd Share

Here's a situation that came up yesterday: we have a share on a machine we have to access using an alias (CNAME). The machine is running Windows Server 2012 R2, and services Windows 7 and 8 clients. Windows 7 clients have no issues opening the share…
2
votes
2 answers

How to avoid frequent KVNO increases, when using Apache HTTPD with mod_auth_kerb talking to AD?

I've set up Apache HTTPD 2.4 with mod_auth_kerb, created a service account on Active Directory, added an SPN for my http hostname, created a keytab file on the Linux machine, and had SSO start working nicely for users logged into the AD domain from…
Gagravarr
2
votes
1 answer

Active Directory: Permissions to get Kerberos Service Ticket

I have an Active Directory with a KDC running on Windows Server 2012. At the moment, every user can request service tickets for every service from the TGS. I'm looking for a solution where the KDC only grants a service ticket for service X if the…
phXql
2
votes
1 answer

Unable to join AD domain using Kerberos from kickstart

I am trying to join to the Windows domain in the %post chroot section of my kickstart script using kinit and net commands after setting up the samba, kerberos and sssd configurations in %pre. My authconfig looks like this in the command section and…
Dejan
2
votes
1 answer

Ubuntu 14.04 Active Directory auth fails after static ip config

I have 6 Ubuntu 14.04 servers that are joined to Active Directory (2003 domain functional level, 2008r2 schema). All of the servers work fine when the network interface is configured to use DHCP. But the networks these servers will be located on…
user2782999
2
votes
0 answers

How can one determine what Kerberos key encryption algorithms are supported on a Cisco IOS device?

When attempting to load an SRVTAB over TFTP, I receive an "Unsupported keytype" error: abc(config)#kerberos srvtab remote 1.2.3.4 abc.srvtab Loading abc.srvtab from 1.2.3.4 (via Vlan123): ! [OK - 121 bytes] Unsupported keytype 18! Discarding... No…
eggyal
2
votes
1 answer

What is "Ticket Options" Referring to in Domain Controller Event Logs?

I'm trying to figure out what Ticket Options is referring to within this event log off my domain controller. It is in response to a Kerberos authentication…
Petey B