Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation are likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used platforms.

1136 questions
1 vote, 0 answers

How can I make Kerberos flush the credential cache when a user changes their password?

We've got a fun new issue after upgrading to OS X 10.10 client and server with Open Directory (from 10.8). When a user changes their password (using System Preferences or at the Login screen) it seems the Kerberos credentials do not…
Chris
1 vote, 1 answer

Can I use kadmin (Linux) to add/remove SPNs from an Active Directory server?

Is it possible to use kadmin (Linux) to add/remove SPNs from an Active Directory server? I'm trying to add some service principals on my Active Directory server and store the keys in the local keytab (on the Linux machine).
SofaKng
1 vote, 0 answers

Open Directory Password Change Issues on OS X Server 10.10

I'm having a problem with 50+ workstations (10.9 and 10.10) when a user changes their OD password (either at the OS X login screen or the System Preferences). The password change updates on the server but if the user doesn't immediately restart…
Chris
1 vote, 0 answers

Kerberized NFSv4 without creating new service principals

I need to deploy NFSv4 with Kerberos authentication in an existing AD environment, however, it must be done without making any changes on the KDC... So I figured, I would need to reuse host credentials for authenticating the servers. However, it…
dgyuri92
1 vote, 1 answer

Active Directory authentication without Kerberos?

A friend of mine has a Linux machine hosting Jenkins and a Windows 2008 Domain Controller. He uses Active Directory authentication in Jenkins and only specified the domain name and domain controller in the Jenkins configuration. All users can use their…
1 vote, 1 answer

Is it possible for two legs of a service to have the same SPN? Or at least clients refer to a single identity?

For a WCF service "SuperService", installed on two separate servers "Server1" and "Server2" - is it possible to have a single SPN identity string to which the WCF client "SuperClient" can refer? Such that SuperClient can consume the service hosted…
Richard
1 vote, 1 answer

automate kinit while login using sssd

I'm searching and trying this for a few weeks. What I've done so far: I'm authenticating for login using sssd with ldap. This works actually great! We need to authenticate via sssd with ldap, because the AD is deep nested. Any other authentication…
cbuchey
1 vote, 1 answer

Kerberos master server to slave server automation?

I've set up Kerberos in my workplace running on Centos 6 boxes, and successfully propagated the master server database to the slave and also set up a cron job to update it automatically every 5 minutes. I was wondering if there was a way to…
Mark O'Reilly
1 vote, 1 answer

kadmind error - krb5_recvauth: start_seq_get is not supported in the HDBGET keytab type

I'm trying to migrate a heimdal KDC with an OpenLDAP backend from a Debian 5.x server (heimdal 1.2.dfsg.1-2.1) to a Ubuntu 14.04 server (heimdal 1.6~git20131207+dfsg-1ubuntu1.1), and am running into problems with kadmind on the 14.04 system. Some…
1 vote, 1 answer

Ubuntu 14.04 Failing to join domain for Integration with Active Directory (winbind & samba)

I've followed the tutorial at this link https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto Everything seems to be configured somewhat correctly, net rpc join worked and the realm is listed when entering the command "realm list" but I am…
Riptyde4
1 vote, 1 answer

Security-Kerberos Error, event ID 4

I have two new Domain Controllers on a new forest. The servers have DFS and IIS services installed. Everything seemed to go OK for a while. After updating the servers I got new errors. Now once an hour the additional domain controller IIS2 is making these errors…
Timo77
1 vote, 2 answers

LDAP syncrepl with kerberos authentication

I'm trying to set up a replication server for LDAP using syncrepl. I would like to use Kerberos to authenticate the consumer, because we have it set up, and it seems more secure. The database definitions for my provider and consumer are below. When…
onlyanegg
1 vote, 2 answers

Apache SSO with Active Directory and providing authorization based on groups

I'm using rhel5 running a LAMP stack to create an intranet with. I'm attempting to achieve SSO with users on our network using IE and Firefox. Using the following module I'm able to successfully do it: mod_auth_kerb I would like to take it a step…
netadmin_newb
1 vote, 1 answer

Client not found in kerberos database while getting initial

I am installing Squid3 on Ubuntu 14.10 and I want to integrate it with ADDS on Windows Server 2012 using Kerberos 5. My infrastructure is as follows: Default Gateway: 192.168.1.1 DNS & Domain Controller (Windows Server 2012): dc.mydomain.com address …
1 vote, 1 answer

Troubleshooting kerberos problems with Samba

I've run into an odd problem with Samba 3.6.23. Right now I have a Windows 2008 R2 machine that has trouble accessing shares on a domained Samba box. \\example_serv\my_share : Fails with LOGIN FAILURE \\172.16.102.19\my_share : Works just…
Blue Warrior NFB