Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation are likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used platforms.

1136 questions
1 vote, 1 answer

mod_auth_kerb keytab file for a different FQDN

I have an Active Directory domain that resembles 'AD.EXAMPLE.COM'. I've installed an Apache server that has an FQDN that is slightly different from my AD Domain name: 'apache.example.com' (without the AD). I'm trying to configure a Kerberos…
1 vote, 2 answers

Kerberos Failure Audit Event Id 4769 on Domain Controller

I have an average of 17-18 failure audit events per hour recorded in the Security event log of a Windows 2012R2 domain controller, related to attempts of a Windows 2008R2 member server to obtain a Kerberos service ticket. A Kerberos service ticket…
1 vote, 0 answers

Kerberos SSH/PAM login like AD

I've recently been trying to set up a new Ubuntu server environment, we've wanted to set up a single sign on system that functions similar to good old Windows AD. In this case you would SSH with a kerberos username and password and you are…
Wingar
1 vote, 0 answers

Is it possible to make the Kerberos Server use LDAP for just the credential validation, and use a local Kerberos Principal DB for everything else?

We are working with a LDAP setup that we can not change or extend. We need to add a Kerberos Server to the environment. Is it possible to make the Kerberos Server use LDAP for just the credential validation, and use a local Kerberos Principal DB…
Saqib Ali
1 vote, 0 answers

Kerberos kdc is unable to bind to ldap

I am following this guide to setup Kerberos with LDAP. I have followed all the steps. But when I am running kadmin.local it exits with following error: Authenticating as principal root/admin@EXAMPLE.COM with password. kadmin.local: Cannot bind to…
DarKnight
1 vote, 0 answers

Alfresco kerberos cross domain auth fails with KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN

I've a problem authenticating kerberos with multiple domains. I'm using Alfresco 4.2f on Windows Server 2012 R2 and I've a forest trust (function level 2008 r2) between two domains. My kerberos cross domain setup is like in the word document from…
1 vote, 0 answers

Kerberos net ads join doesn't respond

I'm trying to join Active Directory in Xubuntu 16.04 in an enterprise business environment so I'll change the name of my REALM by MY.EXAMPLE.CORP. My issue is: when I run net ads join -U Administrator it asks me the password for the AD administrator…
Ruben
1 vote, 1 answer

How to share NFS4 + Kerberos with dynamic IP and dynamic-dns setup (rdns doesn't work)

I have two linux machines. One is a machine behind a typical dynamic IP cable modem + OpenWRT router. The machine behind the NAT regularly updates a forward DNS record via an API call with my provider (ie. there is a dynamic DNS set up to identify…
1 vote, 1 answer

Is it possible to change an MIT Kerberos password programmatically?

First of all, I'm not an infrastructure guy, I'm a developer, so please excuse me if I'm leaving important information out. I just need to determine if the following is possible, and if so, how to proceed. When a user changes their Active Directory…
silverCORE
1 vote, 1 answer

How can I setup automatic renewal for Kerberos tickets and make the ticket life longer, in an OSX Server mail server

I have to renew tickets manually in my server terminal for users to have access to their mail accounts. I am using kerberos as a login authentication to access a local mail server. My local machine has a name of remote.X.pt and is providing mail to…
marafado88
1 vote, 0 answers

IIS Kerberos double hop not working for windows clients

I have an IIS 7.5 server configured for Kerberos Authentication and this has been working fine for quite a while. Recently, some Windows updates were applied (by server admins) and now when my IIS server connects to a remote SQL Server instance…
Daryl Gubler
1 vote, 1 answer

apache 401 redirect for kerberos authentication

For our helpdesk we use the GLPI package with Kerberos SSO for our active directory users. Right now if someone does not have a valid kerberos ticket, we redirect them to GLPI login page on another domain. The SSO domain is servicedesk.domain, the…
Edzilla
1 vote, 0 answers

Reverting to Kerberos when Negotiate:Kerberos switches to NTLM

I am working with a system which implements constrained delegation for a double-hop from Firefox 38.2.1 (or IE 11) accessing an intranet .NET 4.5.1 web application running on Windows Server 2012 (IIS 8.5) to SQL Server 2008 R2 on a different server.…
Rick V
1 vote, 0 answers

gnome-terminal - I have no name

Environment: OS: Ubuntu 14.04.5 LTS x64 HW: VM on vSphere with 2vCPU and 2GB Memory Default GNOME desktop installation with gnome-session-flashback 3.8.0. Connected to AD domain using Samba and winbind (see files below). Issue: Login etc. is…
1 vote, 0 answers

Kerberos cross realm authentication for kadmin

We have set up cross realm authentication using MIT Kerberos, it's quite straightforward if you adhere to the docs. But we are missing one feature: We'd like to be able to authenticate to the kadmind of some "sub"-realms using principals in an…
Sascha K