Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation is likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used paltforms.

RFC Kerberos - http://www.faqs.org/rfcs/rfc1510.html
Kerberos Blogs by AD support team at Microsoft - http://blogs.technet.com/b/askds/archive/tags/Kerberos/
Kerberos blogs by Open Specification team at Microsoft - http://blogs.msdn.com/b/openspecification/archive/tags/Kerberos/
Ubuntu Linux post on Kerberos - https://help.ubuntu.com/community/Kerberos

1136 questions

votes

0 answers

Kerberos with AuthnProviderAlias

I was configuring some AuthnProviderAliases today and I want to add kerberos to it. The problem is that when I added kerberos apache wouldn't restart and I got the following error in my syslog: May 3 15:27:09 Himeji kernel: [18882.364760]…

apache-2.2 kerberos

asked May 06 '13 at 07:27

timmeyh

votes

1 answer

Bind DN entry missing in stash file - while initializing database for realm

I'm trying to run kerberos with ldap back-end on Centos 6.3 After creating Realm with: kdb5_ldap_util -D "cn=admin,dc=example,dc=com" create -sscope sub -sf /var/kerberos/krb5kdc/example_stash.keyfile -r EXAMPLE.COM -s I'm trying to run kdc and…

linux centos openldap kerberos

asked May 04 '13 at 19:18

Augustin Ghauratto

votes

1 answer

Kerberized SSH Failed

I want to authenticate ssh login with Kerberos, however fail. The following is a snippet of ssh debug information with the command ssh -vvv localhost. debug3: Wrote 80 bytes for a total of 1125 debug1: Authentications that can continue:…

linux ssh authentication kerberos

asked Apr 23 '13 at 12:41

Summer_More_More_Tea

votes

1 answer

Active Directory: Thunderbird LDAP autocompletion not working with Kerberos auth

The Problem: I'm trying to configure an LDAP mail autocompletion - a built-in functionality of Mozilla Thunderbird 17.0.5 @ Windows 7 x64 in 2008R2 domain environment. The OS is a fresh, out-of-the-box install on VBox. It seems I cannot get it…

active-directory ldap domain-controller kerberos thunderbird

asked Apr 04 '13 at 20:34

Michał Sacharewicz

votes

0 answers

IIS7, Kerberos, sometimes no response from browser to 401

SharePoint 2010 hosted on IIS7, Kerberos enabled. Clients log on through Citrix on several terminal servers. Kerberos is working on several clients, so SPN's are defined correctly, but on some clients it does not work. Problem Windows…

iis kerberos citrix ntlm

asked Mar 19 '13 at 08:42

Boland

votes

1 answer

Lag between PAM password acceptance and session open on CentOS5

I have a very interesting situation. I have a server running CentOS5.5, and whenever I try to ssh in using any external interface, there is a 4+ second delay, consistently. There is no such delay whenever I use the internal interfaces. For example,…

centos authentication kerberos pam

asked Mar 18 '13 at 14:46

jyaworski

votes

1 answer

What is the kerberos keytab file used for in UNIX/AD kerberos authentication?

I have proved that UNIX/AD Kerberos authentication works without the presence of a keytab file so I'd like to know whether I should worry about it (given I'll need an individual keytab for each server I want to provide AD authentication services…

unix authentication kerberos

asked Mar 14 '13 at 15:58

Jon

2,111
2
13
13

votes

1 answer

SSH instant logout after ssh login kerberos / winbind

I set up a ubuntu server which is authenticating against the active directory of our W2k8 Domain. Everything went well and I see all the users in getent passwd, and wbinfo. I want to be able to use kerberos and winbind auth on the machine and so far…

ssh ubuntu-12.04 kerberos winbind

asked Feb 28 '13 at 12:46

Meiko Watu

votes

1 answer

Kerberos broken when upgrading Snow Leopard Server to Mountain Lion

I work for a small company where there's no dedicated system admin. I was tasked with upgrading our file and calendar server to 10.8, which I did by upgrading the OS then installing the server tools from the app store (as recommended by Apple).…

ldap mac-osx-server kerberos opendirectory

asked Nov 29 '12 at 12:27

Amy Worrall

votes

0 answers

issue with heimdal kerberos in ldap backend

I'm having a bit of trouble getting Kerberos (Heimdal version) to work nicely with OpenLDAP. The kerberos database is being stored in LDAP itself. The KDC uses SASL EXTERNAL authentication as root to access the container ou. I hope this is the right…

authentication ldap kerberos openldap sasl

asked Nov 11 '12 at 20:03

Brian

votes

1 answer

Can a Windows machine authenticate against Samba with Kerberos when users are stored in AD?

I understand the title is probably less clear that it should be, but I couldn't think of anything better. We have two domains, let's call them example.com and subnet.example.com. The former is managed by an Active Directory server, and houses some…

windows active-directory samba kerberos cifs

asked Oct 31 '12 at 13:38

Elias Mårtenson

votes

3 answers

Using Apache / Kerberos / Keytab to Authenticate Redmine Users Against Active Directory

We have a Debian (squeeze) server to which I have root access. It is running Apache, and Redmine is deployed to the server (currently using a local MySQL database for authentication). Apache is configured to use Kerberos and a keytab file to…

active-directory debian ssl kerberos redmine

asked Oct 23 '12 at 22:08

David Kaczynski

votes

1 answer

VM image including ready-to-use Kerberos server?

I implemented client-side Kerberos support to an open source software, and I want to test it. Is there a Virtual Machine image that I could quickly fire up, and that would include a properly working Kerberos environment, so that I can test my client…

active-directory virtual-machines kerberos

asked Jun 26 '12 at 02:54

Nicolas Raoul

1,314
7
22
43

votes

4 answers

How to determine the Kerberos realm from an LDAP directory?

I have two Kerberos realms I can authenticate against. One of them I can control, and the other one is external from my point of view. I also have an internal user database in LDAP. Let's say the realms are INTERNAL.COM and EXTERNAL.COM. In ldap I…

linux active-directory ldap kerberos

asked Jun 13 '12 at 10:49

tstm

votes

7 answers

Ubuntu + AD; Failed to join domain: failed to set machine spn: Constraint violation

I'm attempting to join a Ubuntu 12.04 server to Active Directory. I installed samba, and kb5-user, created a machine account in AD, and did: > net ads testjoin Join is OK So far so good. Then I hit a problem: > sudo net join -U myuser Failed to…

ubuntu active-directory kerberos winbind

asked May 16 '12 at 09:53

Jon Skarpeteig

Prev 1 2 3

…

75 76 Next