Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation are likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used platforms.

1136 questions
1
vote
1 answer

sudo and Kerberos on AWS Linux issues

We have an issue on some of our AWS machines, running Amazon's hacked Fedora/RHEL Linux where newer-in-AD users can log in with password but cannot authenticate for sudo. Users that were created in AD a while ago have no issues and this does not seem…
amacks
  • 9
  • 2
1
vote
1 answer

Is LDAP used by Active Directory for anything if I only use Kerberos for authentication?

In my Windows-only domain, Kerberos is used for all authentication. The domain controllers I understand replicate & authenticate using RPC. Is LDAP used for anything else? Should I close the unused 389 LDAP port on all Servers and Clients? Does…
Reemus
  • 11
  • 1
1
vote
0 answers

A lot of Events “Kerberos authentication Ticket (TGT) was rejected”

Currently we are seeing a lot of Events "Kerberos authentication Ticket (TGT) was rejected" even for the accounts that are blocked. Also from the event logs, I see a username being used which does not exist on the server, neither in Users, nor in…
Mr. Soul
  • 19
  • 1
1
vote
2 answers

Login with Active Directory users on Debian Jessie not working

I'm trying to get the login with active directory users working for nearly a week now. First of all, I'm pretty new to pam, samba, kerberos and winbind. We worked with local users and sudo before, but decided to use active directory for user…
audioslave
  • 71
  • 2
  • 5
1
vote
2 answers

Issue authenticating to AD-joined Centos 7 server

Using this link, I have set up a server that is properly joined to an Active Directory server, but for some reason I can not authenticate to that server with a kerberos ticket on several test-users that I made on my laptop. All users on my local…
Peter van Arkel
  • 123
  • 1
  • 6
1
vote
0 answers

Websphere Application Server and Kerberos Keytab Renewal

I am currently running into an issue with Kerberos ticket expiration from a keytab on WAS 8.5.5.5. The same process works correctly on Tomcat 8, and I believe the primary difference is the JDK / JAAS client configurations. I am running both as…
cogan
  • 11
  • 2
1
vote
2 answers

kinit succeeded but ads_sasl_spnego_krb5_bind failed: SASL bind in progress

I'm trying to use Fedora and Samba as a file server. Using Kerberos I'm trying to make sure no passwords are transmitted over my network. I'm able to use Samba for its file server capabilities, Kerberos is also able to get a ticket for…
ImAtWar
  • 63
  • 1
  • 7
1
vote
1 answer

Apache Kerberos auth prompts user for password

I am trying to setup single-sign on against our Active Directory server for my Apache using the mod_auth_kerb module. I have the following configuration in Apache: AuthType Kerberos AuthName "Test" KrbAuthRealms COMPANY.LOCAL Krb5Keytab …
Christoffer Reijer
  • 387
  • 1
  • 3
  • 14
1
vote
1 answer

Error: KDC has no support for encryption type

I have intermittent authentication issues on my Ubuntu 15.04 servers. Periodically, authentication will just stop working. Eventually it will start working again on its own. Or, if I restart both smbd and sssd it will start working again right…
mrwboilers
  • 83
  • 1
  • 2
  • 6
1
vote
1 answer

HBase Kerberos SaslException: GSS initiate failed (Mechanism level: Failed to find any Kerberos tgt)

I am trying to set up Kerberos authentication for HBase using this http://hbase.apache.org/0.94/book/security.html documentation and have very little progress so far. HBase 1.1.1 from Apache without any Cloudera influences. Host machine is running…
user1455836
  • 111
  • 1
  • 4
1
vote
1 answer

MIT Kerberos with OpenLDAP backend - TLS ok when KDC started interactively but init script fails

In DNS domain domain.local. there are two machines host.domain.local. = 192.168.1.1 srv1.domain.local. = 192.168.1.2 host.domain.local. is KDC for Kerberos realm DOMAIN.LOCAL, srv1.domain.local. is a KDC for Kerberos realm…
1
vote
2 answers

Samba4 & Active Directory Kerberos [Cannot contact any KDC for realm 'INTERNAL.CORP.COM' while getting initial credentials]

Yesterday I configured an Active Directory Server using Arch Linux and Samba 4 following this guide. I even added a client to the domain and was able to log in successfully on my client. After a restart it no longer works, I can't use Microsoft RSAT…
Jose_Sunstrider
  • 51
  • 1
  • 1
  • 8
1
vote
1 answer

GSSAPI on Linux when reverse DNS lookup doesn't match AD DNS suffix

I have CentOS 6 server that has been joined to Active Directory using Samba and net ads join -k. It thus has a keytab like this: Keytab name: FILE:/etc/krb5.keytab KVNO Principal ----…
1
vote
0 answers

How to get Kerberos tickets in sync with OS X password changes?

I've traced an issue that's been plaguing us down to a "simple" problem: Kerberos tickets are not syncing with OS X Open Directory password changes. Another way to put this: Expired/expiring ticket renewal requests are being signed with old keys…
Chris
  • 83
  • 5
1
vote
1 answer

How does data flow in a password change with Open Directory?

I'm trying to troubleshoot an OS X OD issue and I'm having a hard time finding anything concrete about just how data flows between clients and server. Specifically, I'd love to know what exactly happens when a password is changed by a user in the…
Chris
  • 83
  • 5