Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation are likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used platforms.

1136 questions
2
votes
1 answer

OpenSSH + Kerberos SSO: No key table entry found for host/localhost.localdomain

SSO not working with OpenSSH - I have not been able to get GSSAPIAuthentication to work with Kerberos. Every time I attempted to login, I kept getting prompted for the password. During the troubleshooting, I initiated a debug here: [foster@kvm0007…
Rilindo
2
votes
1 answer

./configure error installing PHP with Kerberos support on Ubuntu

I am trying to install PHP on Ubuntu 11.04. I am compiling from source. Here are my installation dependencies: apt-get -y install php5-dev php-pear apt-get -y install libxml2-dev libevent-dev zlib1g-dev libbz2-dev libgmp3-dev libssl-dev…
Obi Hill
2
votes
1 answer

In Win/AD, does kerberos authentication require the services accounts to be the same?

I am trying to isolate the cause of a KRB5KDC_ERR_BADOPTION (13) that I am seeing come back in a WireShark trace. I have set an SPN to associate xxx/server.fqdn:port with the domain account that the xxx service is running under on the target…
Bye
2
votes
1 answer

Squid Kerberos/LDAP Active Directory only works on IE not on Firefox and chrome

I've set up a proxy using squid, with kerberos/ldap as authentication. I used this article as reference: http://www.howtoforge.com/debian-squeeze-squid-kerberos-ldap-authentication-active-directory-integration-and-cyfin-reporter I tried using the…
Sam
2
votes
1 answer

Any way to make cross-realm logins case insensitive?

I've got a demo cross-realm setup between MIT Kerberos and AD. Users can log in just fine as long as the machine is properly configured and the user knows that the realm is all uppercase and case sensitive. I have a feeling though, that once we roll…
jldugger
2
votes
2 answers

FreeBSD: OpenLDAP, SASL, and GSSAPI

I've run into some problems getting OpenLDAP on FreeBSD (8.2-STABLE) to authenticate using Kerberos tickets. I hope I've just had a brain glitch, so please feel free to let me know that I've missed something obvious. Here's where things…
larsks
2
votes
2 answers

Kerberos authentication using Java and ActiveDirectory: KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN

I've got a Java app that is SSO-enabled using Kerberos under the URL http://alf-test.example.com/. Unfortunately something's not working, the AD says it doesn't know the service principal. This is the TGS-REQ exchange: Request: Kerberos…
2
votes
1 answer

Moving my website to different server changes authentication from Kerberos to NTLM

I have a webservice that is configured for Windows Authentication. The client code that invokes the WS passes along the credentials to the WS as follows: myWebService.Credentials = System.Net.CredentialCache.DefaultCredentials; (my understanding is…
DaniellaMercuryFan
2
votes
1 answer

NTLM token sent instead of Kerberos ticket

I am trying to implement kerberos SSO in our network using spnego on a tomcat server. We have created an account (TCNKRBGINA) on the domain for the preauthentication, and setspn'ed it to the http server: Setspn -A HTTPS/testtech.etat-ge.ch…
Maurice Perry
2
votes
2 answers

IIS' Basic Authentication with Kerberos?

A friend tells me that he uses Basic authentication of IIS for authentication of his web app. This system uses Kerberos too, but how can Basic Authentication and Kerberos work together?! I know that Basic Authentication sends the password in Base64 (like…
Matteo
2
votes
2 answers

need help in setting up SPN for Kerberos Authentication

I am using IIS 7 for setting up a website under Windows authentication. I am seeing an authentication issue which I am almost sure is related to a Kerberos issue and I am wrongly setting up the SPN. The scenario which I am using is as below. I have…
Manish Shukla
2
votes
1 answer

OpenLdap configuration

Simple enough question; is there a way you can configure your ldap server so it only accepts kerberos authentication and rejects any other type. I'm almost 100% certain this can be done, I just do not know how - something in a config file no…
owain
2
votes
1 answer

Disable Kerberos password

When trying to add a new user on a Debian 6.0 box I get: passwd: User not known to the underlying authentication module How can I disable Kerberos authentication and use the good old UNIX password?
breez
2
votes
2 answers

Problem with testsaslauthd and kerberos5 ("saslauthd internal error")

The error message “saslauthd internal error” seems like a catch-all for saslauthd, so I’m not sure if it’s a red herring, but here’s the brief description of my problem: This Kerberos command works fine: $ echo getprivs | kadmin -p username -w…
danorton
2
votes
1 answer

IE Kerberos failure on some machines with CNAME web server (with SPN for host's A record)

It's fairly well known that IE doesn't like to do Kerberos against hosts that are registered in DNS as CNAMEs. What happens is that IE turns around and uses the underlying A record for the host for looking up the Service Principal Name (SPN). On a…