Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation are likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used platforms.

1136 questions
2 votes, 1 answer

Can I enable Kerberos authentication for Oracle 11g Database Standard edition?

I have an Oracle 11g Database Standard instance running on Windows Server 2008 R2 and I need to enable Kerberos authentication. I followed the documentation for activating Kerberos 5, but cannot get it to work. So I was wondering, is this…
Ucodia
2 votes, 1 answer

Lookup Active Directory entry by implicit UPN

In our company exists a forest-wide UPN suffix company.com and almost all user accounts have the explicit UPN set to fistname.lastname@company.com. This value is also set in the Active Directory userPrincipalName attribute. Now we have an…
Michael-O
2 votes, 1 answer

TFS 2010 Kerberos Falls Back to NTLM When Using FQDN

We have a Team Foundation Server 2010 set up using Kerberos. If we're accessing it via http://tfsserver:8080/tfs, everything's fine and users were never prompted for credentials. However if accessing it via http://tfsserver.domain.com:8080/tfs, then…
Jim
2 votes, 1 answer

Windows 7 system won't talk to MIT Kerberos server

I've installed MIT Kerberos 1.10 on a Debian server and happily have my Debian clients authenticating with it. I'm having some trouble getting my Windows 7 machine to do the same, however. I've used ksetup to configure the machine as…
Sam Morris
2 votes, 2 answers

Active Directory Integration over VPN

I recently started working as a network admin for a company who has 2 locations and we use a VPN to connect them. We need to set up an Active Directory and Exchange Server at the second location to be fully integrated with the first. I already…
2 votes, 2 answers

Kerberos constrained delegation to domain controllers

Setup: Forest Functional Level: Windows 2003 All DCs - Windows 2003 64 bit SP2 Requirements: Citrix server wants to use Kerberos delegation for SSO purpose. They want to create Kerberos constrained delegation from Citrix presentation server to local…
KAPes
2 votes, 1 answer

Can UNIX/MSAD LDAP/Kerberos authentication work without matching usernames?

It looks as though there is a solid requirement for usernames on the UNIX client and in the MSAD to match for kerberos authentication to function (I think LDAP authentication too). Is this absolutely the case? Our infrastructure owners have a habit…
Jon
2 votes, 1 answer

Why my clients send the HTTP requests before getting Kerberos tickets from KDC

I have been trying to get squid running with kerberos for a few days, but I'm in big pain. I have double checked all the configuration files; they all seem OK. Here is my question, today I have captured the packets with wireshark and I saw that my…
Muhammet Can
2 votes, 3 answers

Wrong principal in request (SSH/ GSSAPI/Kerberos/Debian)

I've set up two VMs on an "internal" (in VirtualBox meaning) network, one being a DNS server (dns1.example.com) and the other - a KDC and Kerberos admin server (kdc.example.com). The default and the only realm is EXAMPLE.COM. Both machines use…
badbishop
2 votes, 1 answer

Server 2008 Audit Failure Event Logs

I am having trouble figuring out what is causing massive audit failures on a Server 2008 system. The event ID is 4771 Account Name: Administrator Service Name: krbtgt/DOMAIN.NAME Client Address: ::1 Client Port: 0 Pre-Authentication Type: 2 The log…
2 votes, 1 answer

Squid Authentication & streaming

I've got squid setup using Kerberos authentication. I'm also using squidguard as an URL redirector to block out the usual nastiness of the web. There are some sites though that we allow certain users to, and others not. This all works well, assuming…
Steve Butler
2 votes, 1 answer

Many HTTP 401's with Kerberos authentication via mod_auth_kerb

I've got an Apache2 httpd running in front of a Tomcat, doing authentication via mod_auth_kerb. When I open the console in Firebug, I see lots of 401's. See screenshot: Is there a way to avoid this? I guess it's causing an additional roundtrip which…
2 votes, 0 answers

Autofs always uses uid 0 when mounting

We have some Ubuntu clients here which shall mount kerberos protected NFS homes. The server works nicely with the existing clients, so we can assume that ldap and kerberos are ok. We managed to configure ldap on the ubuntu clients and kinit is able…
jan bernlöhr
2 votes, 2 answers

Linux in AD: Supported enctypes for Windows 2003 AD

In the MIT Kerberos implementation that comes with most Linux distributions, I can define what encryption type I want to use for ticket requests. I am not a Windows guy, but apparently, Kerberos as a whole offers a lot of options here and Windows AD…
wzzrd
2 votes, 0 answers

NFSv4 ACLS vs NFSv3 KRB5 - problems - alternatives?

So NFSv4 acls don't ignore the umask as far as I can tell. And nfsv3 with kerberos has its own host of problems (with autofs - race conditions with pam). So if we want to use an nfs like system with autofs support what alternatives are there. I've…