Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation are likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used platforms.

1136 questions
1 vote, 1 answer

Mongodb + Kerberos BadValue SASL mechanism GSSAPI is not supported

I am trying to run an instance of mongodb with the authentication mechanism GSS-API. This is the command: mongod --dbpath /home/ec2-user/db/node2/data --auth --setParameter authenticationMechanisms=GSSAPI And this is the error that I get: F…
Adrian
1 vote, 1 answer

Kerberos keytab permissions

Can you share some thoughts on whether a Kerberos keytab should be readable only by root - under all circumstances? Or are there exceptions to this rule? I am setting up a Squid proxy on Debian Jessie for Kerberos authentication with Active…
marhop
1 vote, 1 answer

Ldap+kerberos authentication through AD

Is it possible to configure ldap+kerberos authentication on a linux machine without joining it to windows domain? I have to create a pool of VMs using RHEVM with a pretty short lifetime and I do not want to join/remove them every single time…
tokitux
1 vote, 1 answer

Kerberos, Active Directory, and Linux/Unix Servers

I have done some research on the topic, but I can't quite find a straight answer to my question. Please tell me if my understanding is correct. Kerberos can be used as the bridge between a Linux/Unix OS and the Windows AD. Policies (e.g.…
Andrew
1 vote, 0 answers

JBoss SPNEGO Authentication Renewing Server Kerberos Tickets

We have successfully configured SPNEGO with our webapp on JBoss EAP 6.2, Windows Server 2008, and IE10 using JBoss Negotiation. What is best operational practice for renewing the ticket issued to JBoss to minimize Administrator intervention? The…
praspa
1 vote, 1 answer

Password Delegation with Windows 2008 Server Trusts?

I have a trust setup between two Windows 2008 Active Directory forests. My domains are "local.ad" and "remote.ad". All of my corporate users belong to the remote.ad forest. I have to add the "Identity Management for Unix" (IMU) role to one of the AD…
Server Fault
1 vote, 1 answer

Kerberos Errors

Need help with the below error. I haven't been able to find much that has helped. Event Source: Security-Kerberos Event ID: 4 Qualifiers: 16384 Version: 0 Level: 2 Task: 0 Opcode: 0 Keywords: 0x80000000000000 The Kerberos client received a…
1 vote, 0 answers

IIS 8.5 / Windows Authentication - 401 response on certain clients

We are running a Tomcat application behind an IIS 8.5 Windows Authentication Proxy, the redirect is via the Tomcat AJP connector. We now have the problem that on certain clients, the authentication fails with a 401 error, the users get a logon prompt…
1 vote, 0 answers

Kerberized root user on RHEL 5/6

I'm currently involved with getting NFSv4 and Kerberos. We've decided to bite the bullet and try and make the transition. Our environment is: Windows AD LDAP auth on Linux against said AD. RHEL5/6 and a smallish list of exceptions. (Some of our…
Sobrique
1 vote, 0 answers

Setting environment variables based on passing Require directive

I finally succeeded in configuring Apache as a SPNEGO reverse proxy for my app, and I'm using the AUTHORIZE_SAMACCOUNTNAME, AUTHORIZE_CN and AUTHORIZE_MAIL to figure out some information about the logged-in user. But this is only the first…
tavlima
1 vote, 0 answers

Kerberized NFSv4 share (deleted) after token expiry

I set up an NFSv4 server with Kerberos authentication and it runs well. However, some users stay logged in for long times such that they have to renew their tickets after some days. If during the time with an expired ticket an NFS share is accessed,…
Lars Hanke
1 vote, 1 answer

ADFS & WAP with SP 2013 - Login redirect to blank page

I set up ADFS and WAP on Server 2012 R2 in order to log in to SharePoint 2013. I followed several how-tos, and all seems fine except one thing: when I log into the ADFS form, it's OK, then I land on a blank page. So I had a look at the WAP logs, and it…
Nico
1 vote, 2 answers

Kerberos Event 4 servername showing username

We have a .Net Windows Service that uses a Httplistener and authenticates requests using Kerberos. When users are connecting via their browser, an error in the user's event log shows a Kerberos Event ID 4: The Kerberos client received a…
Greg
1 vote, 1 answer

Kerberos SSH Man-in-the-Middle for Data Sniffing

Kerberos clearly keeps an attacker from getting a user's credentials in an SSH man-in-the-middle scenario (one where the attacker has gotten the user to trust their server's public key and redirects traffic through that server). However, what if an…
Bubba
1 vote, 0 answers

Setting up SPN for SSRS in a CRM load balance environment

I'm getting this exception randomly in a CRM load balance LIVE environment when running Reports from CRM. System.ServiceModel.Security.SecurityNegotiationException: A call to SSPI failed, see inner…
Jorge