Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation are likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used platforms.

1136 questions
1 vote, 1 answer

SASL error: No credentials were supplied, or the credentials were unavailable or inaccessible

In a Debian GNU/Linux environment, I am not able to have SASL work with kerberos: sudo /usr/sbin/sasl-sample-server -m GSSAPI -s ldap Forcing use of mechanism GSSAPI Sending list of 1 mechanism(s) S: R1NTQVBJ Waiting for client mechanism... C:…
473183469
1 vote, 2 answers

Kerberos not working. - Can't find client principal in cache collection

I was able to connect to my windows systems from linux box using domain credentials, when all of a sudden it stopped working. I have tried different accounts and different domains and getting the same error for every account -- ""msg": "kerberos:…
Aseem
1 vote, 2 answers

What is a Kerberos user principal instance?

I've read in O'Reilly "Kerberos" book that it is possible to create instances for user principals. As I understand, the text says I could have username@REALM.NET for usual activities and username/admin@REALM.NET for ssh login to production server…
olmstad
1 vote, 0 answers

Configure HTTP SPN for a domain user account on Windows Server 2012R2

I have a Windows 2012R2 Server and I would like to use Kerberos authentication with my IIS web applications. How do I set the SPN and map the users for HTTP and HTTPS services for a given user account in Active Directory?
Peter
1 vote, 1 answer

How can I federate between two Kerberos realms?

I want to design my own micro services framework - API lifecycle mgmt, service discovery and security. Authentication surely must be encryption based but how do we go about federating across two Kerberos realms?
lifeisstillgood
1 vote, 1 answer

SELinux rules in CentOS 7 with Samba and SSSD on Kerberos Ticket generation

I've built a simple File Server with Samba and Netatalk running on CentOS 7.2. Everything is working as expected except for SELinux that's denying Samba to authenticate due to a policy of denying writes on /var/tmp for the Kerberos Ticket. This is…
Vinícius Ferrão
1 vote, 1 answer

FreeIPA AD Trust based Integration using SunLDAP to store Policies

If we want to use the FreeIPA Active Directory Trust Integration Option, can we use an existing implementation of SunLDAP to store the Policies (e.g. sudo, hbac etc.)? Essentially we don't want to create another LDAP Directory just for storing the…
Saqib Ali
1 vote, 2 answers

Can a Unix host obtain Kerberos keytabs for another host from Active Directory?

We use Puppet to configure our servers, but creating Kerberos keytabs for them is currently a manual process. We would like the Kerberos keytabs of the Unix machines to be automatically generated, when the machine is first bootstrapped. The various…
Mikhail T.
1 vote, 0 answers

kinit unable to connect

I'm trying to connect to a Kerberos running on ApacheDS. Here is the initial LDIF I've loaded on LDAP: dn: ou=Users,dc=example,dc=com ou: Users description: Example.Com Users objectClass: organizationalUnit dn:…
1 vote, 2 answers

Initialise Kerberos ticket on ssh login using PAM

Right, so I am struggling a bit with PAM in Centos7. I have no idea how to configure it manually and make the changes permanent so that I get a kerberos ticket after a successful ssh login. The primary authentication method as you can see is winbind…
koullislp
1 vote, 0 answers

Unspecified GSS failure. after setting up krb5/ldap authentication

New here, so I recently set up ldap/krb5 authentication on a centos7.2 vm. Krb5/ldap is working correctly as I can login using ldap user account. However, when I check the logs in the client machine /var/log/secure it is spamming Unspecified GSS…
1 vote, 0 answers

Does FTP service (IIS 7.5) on Windows 2008 R2 support kerberos authentication?

I have configured http service on IIS 7.5 for kerberos authentication. And it works fine. I have checked from linux box # klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: alex@EXAMPLE.NET Valid starting Expires Service…
ALex_hha
1 vote, 1 answer

Having a Kerberos issue, and can't trace the traffic in NetMon

I'm trying to get Kerberos to work for a new Sharepoint server I'm installing. It works fine for the server name, but not the FQDN. I've done setspn for both, and I've added the domain to trusted sites, and still no luck. So I figured I'd try…
teleute00
1 vote, 0 answers

Apache External access

I am wondering if anyone can help me. I am trying to setup SSO. I have it working inside a domain, where the kerberos ticket is passed and the sign on works and the user is able to login correctly. If no kerberos ticket is present it requests…
dmurray
1 vote, 1 answer

Determine usage of UPN for logon inside MS AD forest / domain

Maybe somebody can give me a hint on this. I am evaluating the prerequisites for changing all (human) user's UPN in a large Microsoft AD environment to the recommended MS format (aligned with the user's primary public mail address including the…