Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation are likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used platforms.

1136 questions
1 vote, 1 answer

Access denied to IPC$ share on Windows Domain Controller when SMB session is setup with Kerberos 5

I am writing a system which performs user login and provides single-sign-on access to SMB shares within the network. User login is done with Kerberos 5 to verify the user's identity and get a TGT ticket. When accessing an SMB share, the TGT ticket…
1 vote, 0 answers

Ubuntu 18.04 Server Join Domain LDAP DNS Confusion

I have a domain setup with mixed systems. It's running Win2k16 server. Some clients are Windows and some are Linux. Most Linux clients are Ubuntu servers, in this case an 18.04. The Ubuntu 16s I have setup with an older winbind join are functioning…
Will
1 vote, 1 answer

Can not start sshd service: relocation error

After updating openssh version from 5.3 to 7.9 I am having problems when I try to start sshd service, The script that I executed is: rpm -Uvh openssh-latest-7.9p1-1.el6.cgsl7741.x86_64.rpm --nodeps rpm -Uvh…
AndresM
1 vote, 1 answer

Kerberos - TCP client wants 1195725856 bytes, cap is 1048572

I'm having some difficulties debugging this error. I'm running nginx as an api gateway built to make a sub-request to kerberos whenever an endpoint gets called using the SPNEGO method. But whenever I attempt to make a request with TGS ticket in the…
Kenpachi
1 vote, 1 answer

WebSphere SPNEGO - Cannot get credential from JAAS Subject for principal

PROBLEM I get an error trying to enable SPNEGO on the WebSphere application server (WAS ND, single node) 9.0.0.7 . I have succeeded on another server, but for this one I can't find the problem. I get the following error…
nize
1 vote, 1 answer

mounting DFS filesystem with remote shares in it on Arch Linux

I have laptop joined to domain AAA. Have two DFS namespace servers which are also AD DC with Win Server 2012 R2. NAS is Synology server with CIFS enabled/domain joined. Servers: dc1.domain1.local - ip 10.8.0.3 dc2.domain1.local - ip…
pszafer
1 vote, 1 answer

Kerberos delegation with Apache, SSSD and FreeIPA

Let me start from describing my real goal, because I am not sure that I am trying to solve it in a proper way =) I am simply trying to make my web application obtain Kerberos credentials on behalf of the user who logs in. The webserver is part of my…
1 vote, 1 answer

Recommended deployment for public kerberos

I have configured and enabled an environment that does seamless X.509 / Kerberos authentication for iOS devices. The security concern is the KDC needs to be exposed to the public internet for this to work. I'm trying to determine the best way to…
jekennedy
1 vote, 0 answers

NFS3/4 Performance Issues (Lock-ups) with macOS client using Kerberos

I am trying to access an NFS share using macOS High Sierra and I am having momentary system lock-up issues regardless of whether I use Finder or the command line to copy files to the share. For example, a write operation in Finder will start, write…
user3814483
1 vote, 0 answers

Ansible - Kerberos. Can't find client principal

I have a problem with ansible and Kerberos. If I start a playbook I get the following message: fatal: [sgtest002]: UNREACHABLE! => {"changed": false, "msg": "kerberos: authGSSClientInit() failed: (('Unspecified GSS failure. Minor code may…
Steffen
1 vote, 1 answer

Unable to find Plugin

I'm trying to execute this command, kdb5_ldap_util -D cn=ldapadm,dc=c4ilietest,dc=com stashsrvpw -f /etc/krb5.d/stash.keyfile cn=kerberos,dc=c4ilietest,dc=com I get this error kdb5_ldap_util: unable to find plugin…
1 vote, 1 answer

kdb5_util: Improper format of Kerberos configuration file while initializing Kerberos code

I have this file and when I execute the command kdb5_util create -s I get the error "Improper Format". Here is the file includedir /etc/krb5.conf.d/ [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server =…
1 vote, 2 answers

Kerberos - what if TGT is stolen en-route?

In Kerberos, the KDC (Key Distribution Center) creates a TGT and sends it back to the client. The client cannot open it and is not supposed to be opened. What if someone is eavesdropping and they steal the TGT and then send it to the KDC for…
CodingYoshi
1 vote, 2 answers

Dovecot IMAP authenticating proxy using Kerberos/GSSAPI

I'm trying to set up Dovecot as authenticating reverse proxy, in front of an already running IMAP server to accomplish the following: Have Dovecot authenticate users using Kerberos/GSSAPI (to allow Single-Sign-On). If properly authenticated, have…
gertvdijk
1 vote, 1 answer

Kerberos shared secret key creation

There are 3 things that I don't fully understand about kerberos. Let's say that we are adding a new server to an AD Domain. KDC creates a shared secret for this server and how is this key sent securely to the server? There is a user who is a member…