Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation are likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used platforms.

1136 questions
8 votes, 7 answers

Add new server to Server Manager, get Kerberos error 0x80090322

I'm setting up a Windows lab environment. It has a Win2012R2 domain controller (srv001) and I'd like to add another Win2012R2 server to the domain (srv003). Actually, all goes well. I gave the new server a static IP address in the same subnet as the…
rwwilden
8 votes, 1 answer

Windows 7 NFS Client Using Kerberos and Linux KDC

I am trying to configure a Windows 7 Enterprise client to mount a NFSv4 share on a Linux NFS server using Kerberos and a Linux KDC. The setup is: IPA Server (OS: Scientific Linux 6.4, Pkg: ipa-server) NFS Server (OS: Scientific Linux 6.4, Pkg:…
Mike
8 votes, 5 answers

Change local password as root after configuring for MS-AD Kerberos+LDAP

I have followed this excellent post to configure Kerberos + LDAP: http://koo.fi/blog/2013/01/06/ubuntu-12-04-active-directory-authentication/ However, there are some local users used for services. When I try to change the password for one of those,…
Daniel C. Lopez
8 votes, 2 answers

SSH Kerberos authentication fails with "Wrong principal in request/Got no client credentials" on debian squeeze

I have a debian squeeze host where I can't log in with kerberos without a password prompt. An identically configured ubuntu 12.04 host works fine and can log in without getting a password prompt. After a kinit, klist gives: Ticket cache:…
b0ti
8 votes, 3 answers

Permissions are not taking effect with Kerberised NFSv4 on FreeBSD

I'm currently trying to set up an NFSv4 server on FreeBSD. I have extensive experience with doing this on other Unices (Solaris and Linux), but I'm fairly new to FreeBSD. My goal is to achieve the following: Files served from the FreeBSD system The…
Elias Mårtenson
8 votes, 2 answers

Risks of Kerberos Delegation

I've been spending hours upon hours trying to learn and understand Windows Authentication, Kerberos, SPNs, and Constrained Delegation in IIS 7.5. One thing I just don't get is why it is "risky" to leave delegation enabled (i.e. not disable…
8 votes, 1 answer

NFS (with Kerberos) mount failing due to "Server not found in Kerberos database" error

When running: sudo mount -t nfs4 -o sec=krb5 sol.domain.com:/ /mnt I get this error on the client: mount.nfs4: access denied by server while mounting sol.domain.com:/ And on the server syslogs I read UNKNOWN_SERVER: authtime 0, …
Kendall Hopkins
8 votes, 3 answers

Can Windows integrate with LDAP?

Given an existing LDAP server used for authentication, can Windows desktops authenticate users against LDAP or perhaps Kerberos?
jldugger
8 votes, 2 answers

Is there a way to get Kerberos credentials to delegate twice? Why not?

All my nerdly life, I've dealt with this limitation of Windows Domains Login - console Integrated auth to something (usually web app) My credentials can't move to another server (e.g. database or file system). They have to trust machine 2. Is…
Precipitous
8 votes, 1 answer

How to Change the Kerberos Default Ticket Lifetime

Our KDC servers are running either Ubuntu Dapper (2.6.15-28) or Hardy (2.6.24-19). The Kerberos software is the MIT implementation of Kerberos 5. By default, a Kerberos ticket lasts for 10 hours. However, we'd like to increase it a bit (e.g. 14…
user40497
8 votes, 3 answers

Virus that tries to brute force attack Active Directory users (in alphabetical order)?

Users started complaining about slow network speed so I fired up Wireshark. Did some checking and found many PCs sending packets similar to the following (screenshot): I blurred out the text for the username, computer name and domain name (since it…
8 votes, 1 answer

IIS7 Windows Authentication Providers

Does anyone know what the different windows authentication providers for IIS7 means. There are 3 available providers NTLM Negotiate Negotiate:Kerberos NTLM is pretty obvious I think its NTLM and Negotiate is that Kerberos if so then what is…
Satish
8 votes, 4 answers

Running a Windows service under a domain user account

If I run a Windows service on some host under a domain user account, and the password for this account changes at some later point, will the service now fail to start, until you update the password? If not, how are the credentials for the domain…
BeeOnRope
7 votes, 3 answers

ldapsearch and kerberos authentication

I can successfully connect and search to an Active Directory domain controller using ldapsearch. I am using the -x option, to specify a username/password authentication (password being specified by -W and username by -D). I currently need to dump…
philippe
7 votes, 1 answer

Set up a Windows 10 Client for a Linux KDC Realm

I set up a KDC Server and created a Realm EXAMPLE.COM. Here is my krb5.conf file: [libdefaults] renew_lifetime = 7d forwardable = true default_realm = EXAMPLE.COM ticket_lifetime = 24h dns_lookup_realm = false dns_lookup_kdc = false …
D. Müller