Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation is likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used paltforms.

RFC Kerberos - http://www.faqs.org/rfcs/rfc1510.html
Kerberos Blogs by AD support team at Microsoft - http://blogs.technet.com/b/askds/archive/tags/Kerberos/
Kerberos blogs by Open Specification team at Microsoft - http://blogs.msdn.com/b/openspecification/archive/tags/Kerberos/
Ubuntu Linux post on Kerberos - https://help.ubuntu.com/community/Kerberos

1136 questions

votes

1 answer

How does a Kerberos Client determine the Service Name portion of an SPN?

If I deploy a server call FOO/host.example.com@myrealm how does a client become aware that the service name is FOO? ENV: Unix / MIT kerberos 1.4 or 1.10 I see windows has some sort of mapping: How exactly does the HOST/machine SPN work?, what…

kerberos

asked Mar 03 '14 at 02:06

jouell

votes

1 answer

OpenLDAP+Kerberos authentication – id (NSS) works, but authentication says user is unknown

I have a central authentication server with OpenLDAP set up and populated, and Kerberos 5, also populated. On an Ubuntu LTS machine, I set up nslcd and kerberos client stuff. This way, issuing the id gergely.polonkai tells me I'm…

asked Feb 18 '14 at 13:03

GergelyPolonkai

votes

0 answers

Integrating Kerberos authentication on Apache with a Git server

First time asking a question here so I hope I'm in the right place to do so. I've also searched for similar problems on here, but couldn't find anything quite as similar. Here's my problem. We currently have a git server (using Gitorious) that is…

httpd kerberos git

asked Jan 17 '14 at 20:13

Alocer

votes

0 answers

Authentization agains Samba4 domain controler and not working kinit

I've a problem with Samba 4 and Kerberos. If I call kinit, it writes Client not found in Kerberos database while getting initial credentials. I find out, that the Kerberos works with user name only, but the system identifies all domain users with…

kerberos pam winbind samba4

asked Dec 23 '13 at 23:38

Theodor Keinstein

votes

1 answer

Problems mounting Kerberos authenticated NFS share on CentOS 6.4

I'm trying to mount a Kerberos authenticated NFS share on a CentOS 6.4 machine. I have tried exporting the protected share from both another CentOS 6.4 machine and from our NetApp with the same results. The CentOS machines and the NetApp are all…

centos active-directory nfs kerberos netapp

asked Dec 03 '13 at 00:43

Peter Loron

votes

2 answers

Adding new SPNs to existing service ids

We have a tomcat server using spring-security kerberos to authenticate users to the webpage against active directory. There are around 25 domain controllers. The site has two CNAME based DNS aliases. The site currently has one Service ID with SPNs…

active-directory spn kerberos spnego

asked Oct 31 '13 at 14:04

jmh

votes

2 answers

Apache SSO through Kerberos using Machine Account

I'm attempting to get Apache on Ubuntu 12.04 to authenticate users via Kerberos SSO to a Windows 2008 Active Directory server. Here are a few things that make my situation different: I don't have administrative access to the Windows Server (nor…

linux apache-2.2 active-directory kerberos gssapi

asked Oct 23 '13 at 21:24

watkipet

votes

1 answer

Kerberos & signle-sign-on for website

I have a website running on a Linux computer using Apache. I've employed mod_auth_kerb for single-sign-on Kerberos authentication against a Windows Active Directory server. In order for Kerberos to work correctly, I've created a service account in…

apache-2.2 active-directory kerberos

asked Oct 18 '13 at 21:52

Dylan Klomparens

votes

1 answer

mod_auth_kerberos "Unspecified GSS failure"

I did an apache 2.4 fresh install. I'd like to use kerberos authentication. I compiled and install mod_auth_kerb modules. here is my config SSLRequireSSL AuthName "Kerberos login" AuthType Kerberos KrbMethodNegotiate…

apache-2.2 kerberos mod-auth-kerb

asked Oct 18 '13 at 07:15

ampy

votes

0 answers

Synology DSM4.3 with Kerberos and NFSv4

According to the press releases of Synology DSM4.3 can do NFSv4 and Kerberos. Actually, in the Tab with NFS settings, there is a button for Kerberos settings. But I cannot find any guidance anywhere. I have a KDC running on a seperate host. I want…

network-attached-storage nfs kerberos

asked Oct 09 '13 at 22:18

Lars Hanke

votes

1 answer

How does one remove an encryption type from a kerberos principal?

I would like to remove all of the des keys from the principal below, but have no idea how to do so without someone inputting the password. kadmin: getprinc user Principal: user@EXAMPLE.COM Expiration date: [never] Last password change: Thu May 26…

kerberos mitkerberos

asked Jul 24 '13 at 22:48

84104

12,698
6
43
75

votes

2 answers

Windows Server 2003 -Ktpass - crypto: enum value 'rc4-hmac' is not known

I'm trying to create a keytab with Ktpass on a Windows Server 2003 with: Ktpass -princ host/prueba-mail.ejemplo.org@EJEMPLO.ORG -mapuser host -pass password -crypto rc4-hmac -out UNIXhost.keytab I get the following error: crypto: enum value…

windows-server-2003 active-directory kerberos single-sign-on

asked Jul 24 '13 at 19:18

Maria José

votes

1 answer

House roaming profiles on realm trusted samba server?

Raison D'être I am attempting, so far unsuccessfully, to house roaming profiles for an Active Directory domain on a realm trusted Ubuntu 12.04LTS ZFS-on-Linux file server. The end goal is to have an inter-operable file server to house autofs nfs…

active-directory samba kerberos zfsonlinux

asked Jun 14 '13 at 22:28

84104

12,698
6
43
75

votes

1 answer

Why is Kerberos security failing for our ADFS proxy server?

We have a WCF service that uses active federation to authenticate callers via AD FS 2.0 and it's working fine internally. Now we want to expose it to the outside world, so our server team set up a server in the DMZ for the service and an AD FS Proxy…

kerberos wcf adfs

asked Jun 12 '13 at 18:47

Rick Liddle

votes

2 answers

2008 DC GPO - "Advanced Audit Policy Configuration" missing?

I'm trying to enable Kerberos Authentication auditing in a GPO for the purpose of sending auth events to an AD-integrated web filter appliance, and the instructions have me enable auditing of the Kerberos Authentication services by going…

domain kerberos

asked May 09 '13 at 15:59

Jon Heese

Prev 1 2 3

…

75 76 Next