Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation are likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used platforms.

1136 questions
2
votes
2 answers

RPCSS kerberos issues on imaged Windows workstations

While doing some unrelated troubleshooting (at least I think so, shared-printer issues) I came across a set of Event Log entries that have me concerned. Machine Name: labcomputer82 Source: Security-Kerberos Event ID: 4 Event Description: The…
sysadmin1138
2
votes
1 answer

Kerberos error KDC_ERR_S_PRINCIPAL_UNKNOWN, should I care?

We've got a lot of Kerberos auth used in our environment that mostly seems to work, but a few errors still pop up when we turn on Kerberos error logging. The two that bother me the most are both KDC_ERR_S_PRINCIPAL_UNKNOWN which according to…
chris.w.mclean
2
votes
3 answers

.htaccess requires password in chrome but not other browsers?

We have .htaccess on our site http://subdomain.site.com/: AuthType Kerberos AuthName "Internet ID" require valid-user order deny,allow deny from all allow from all On a sub directory of the site, http://subdomain.site.com/subdirectory/ we have…
Chris
2
votes
3 answers

What's a Kerberos Domain?

Is there such a thing as a Kerberos Domain? I'm pretty sure I've heard the term but I'm struggling to find a decent explanation (or any explanation). Is it just people confusing it with a Windows Domain or an LDAP Domain?
Adrian K
2
votes
2 answers

Linking Linux MIT Kerberos with a Windows 2003 Active Directory

Greetings, I was wondering how one might link a Linux MIT Kerberos with a Windows 2003 Active Directory to achieve the following: A user, USER@WINDOWDIRECTORY.INTERNAL, attempts to log in at an Apache website, which runs on the same server as the…
2
votes
1 answer

Linux domain - central auth and laptops with cred caching

I need to set up a linux network: central authentication server and laptops (maybe desktops). Laptops must cache credentials. What is the current best way to do that? Can kerberos be coerced into doing that? Should I install Samba WAD equivalent and…
Konrads
2
votes
1 answer

SQL Server Analysis Services, DNS, AD, Kerberos, Connection Issues

Running into a very weird issue. Converting servers to Windows 2008/SQL 2008. Have a server, SERVER_A, brand new, setup with Win2k8,Sql2k8 - works. Have a Server SERVER_B, running Windows2003/SQL2005. I want to migrate from SERVER_B to SERVER_A. I…
2
votes
0 answers

Windows client cannot get cross-domain ticket, but a Linux one (from WSL) can

I am trying to and failing to authenticate my Kerberos credentials when doing ssh from a Windows 11 client joined to a Windows Server 2019 domain (let's call it AD.LOCAL) to a Linux host joined to a domain managed by FreeIPA (let's call it…
chutz
2
votes
2 answers

General-purpose unix-based network authentication tool?

I want something that'll integrate auth across SSH, web (ideally including SSL, with the option of authenticating with either client-side cert or password, like they do at MIT), and whatever applications want to use it. Kerberos seems to best fit…
Patrick Collison
2
votes
2 answers

Linux workstations only authenticate on one domain controller

I have 3 domain controllers 192.168.1.6 Server 2016 [PDC equivalent] Site 1 192.168.1.7 Server 2016 Site 1 192.168.31.10 Server 2016 Site 2 and a mix of Windows10, Mac and Debian 10 linux…
Gostega
2
votes
2 answers

NFS4 + Kerberos does not work since 5.10 kernel

Since I updated to Debian Bullseye, nfs clients stopped working: # mount -vvt nfs4 -o sec=krb5 nfs11:/srv /mnt mount.nfs4: timeout set for Wed Sep 15 20:25:49 2021 mount.nfs4: trying text-based options…
Alek_A
2
votes
1 answer

Linux pod authenticate to MS-SQL windows server using keytab

Cannot get Kerberos auth working from linux to MS-SQL server on windows. Added new user in AD. New-ADUser -Name "user" -GivenName "user" -SamAccountName "user" -UserPrincipalName "user@my.domain" –AccountPassword (ConvertTo-SecureString "password"…
DevMops
2
votes
1 answer

sssd credential caching does not work

I set up a Centos7 using sssd as authentication system. The user identities are provided by files (passwd/group, managed by ansible), auth is done via krb5 (provided by active directory). The sssd.conf looks like this: [sssd] domains =…
HalexMg
2
votes
1 answer

Kerberos principal names for distributed services

Two typical forms for Kerberos (v5) principal names seem to be: username[/instance]@REALM service/fully-qualified-domain-name@REALM I've also seen something like this for services which could exist on multiple…
John Zwinck
2
votes
0 answers

Python Flask App on IIS - Updating Active Directory Attributes on Behalf of User

I've posted this on stackoverflow, but posting it here as I want some help from folks that are familiar with kerberos delegation and IIS. I am currently trying to figure out how to get my flask app to handle active directory attribute updates on…
moosearch