Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation is likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used paltforms.

1136 questions
1
vote
1 answer

Why is my OSX client having so much trouble connecting to our SMB server?

I'm asking this here because I think I'm more likely to find SMB/kerberos experts here than in Ask Different, which seems to be mostly related to OSX client issues. When I first connect to our SMB share, the Finder seems to lock up for a good 30…
Ted Middleton
  • 111
  • 1
  • 5
1
vote
0 answers

Connect an LDAP realm with an AD domain, with the same name?

The situation is a separate group has created an LDAP domain. We'll call it foo.bar. (fyi, none of these are connected in any way to the Internet) They also have a Windows domain and renamed it to foo.bar so, in their words, they can connect the…
murisonc
  • 2,968
  • 2
  • 20
  • 30
1
vote
2 answers

Create kerberos keytab from AD file with more than one SPN

I need to create a Kerberos keytab file from Active Directory with three different SPNs. It's no problem to add different SPNs with setspn -a but when I try to create a keytab file with ktpass only the given SPN will be saved to the keytab…
HighMilkyWay
  • 23
  • 1
  • 4
1
vote
1 answer

What does squid proxy do when negating acl proxy_auth_regex in rule?

The NTLM auth helper only tags users as authorized if they are member of a AD group. The Kerberos auth helper tags a user as authorized, if he was able to log in, the group check can't be done by the Kerberos helper, so i need a external ACL…
HighMilkyWay
  • 23
  • 1
  • 4
1
vote
1 answer

Add custom headers to HTTP 401 responses from Kerberos mod_auth_kerb

I'm using Apache with mod_auth_kerb to perform HTTP authentication. How do I add custom headers to the 401 Authorization Required response generated by the auth module? The relevant sections of my Apache configuration are below. My custom header is…
quietmint
  • 207
  • 2
  • 10
1
vote
1 answer

Is it possible to set up cross realm Kerberos

We have a setup with an IIS and a SQL server and have implemented Kerberos to use SQL Sercurity directly. We have a AD forest: Internal.local and the setup works fine there. Now the customer wants external access through external.com and of course…
Burrhus
  • 113
  • 3
1
vote
0 answers

Mysterious kinit-failure on Debian Jessie

I have a machine with the Samba 4 AD and the second as a client. After two days of good operation, suddenly the kinit stopped working on the client-side. The reason is quite mysterious. It cannot resolve the name of the server. It gets from…
Theodor Keinstein
  • 181
  • 1
  • 11
1
vote
2 answers

kadmin interface not working - immediately closes connection

So far I've been doing most of the administration for kerberos with kadmin.local, however, I'm trying to migrate over to using the remote kadmin as it would be better practice and all. What I'm seeing is this: esr@cpt2:~$ kadmin -p…
EricR
  • 199
  • 4
  • 12
1
vote
1 answer

Kerberos on IIS 7.5, unknown error - how to troubleshoot

I have a asp.net site installed on a server owned by a client. The client now, due to using MobileIron for single-sign-on capabilites on mobile devices, requires my site to work with Kerberos authentication. The web server is IIS 7.5. The client has…
hazard
  • 111
  • 1
  • 4
1
vote
2 answers

How does Cron interact with Kerberos for authentication?

I have a CentOS 6.4 machine which is set up with pam_ldap and pam_krb5. It is configured to use our Active Directory servers for authentication. I can SSH into the machine using AD accounts. I have not set up any kind of keytab file. I set up a…
Peter Loron
  • 168
  • 2
  • 8
1
vote
1 answer

AD Login to Solaris Zone Periodically Not Working

I have a Solaris 11.1 zone named "AZone". I have the zone joined to an Active Directory domain (Windows Server 2008) with the goal of users being able to use their AD account to log in to the Solaris zone. After a lot of headaches and monkeying…
DBA Josh
  • 11
  • 2
1
vote
0 answers

heimdal error Decrypt integrity check failed for checksum type

when I try to authentication with heimdal-kdc ,I get this error in kdc log : (enctype aes256-cts-hmac-sha1-96) error Decrypt integrity check failed for checksum type hmac-sha1-96-aes256, key type aes256-cts-hmac-sha1-96 and authentication…
user880414
  • 11
  • 4
1
vote
1 answer

Using Kerberos only for SSO

I've installed Kerberos on the Debian machine that hosts an internal application, to be able to use it to authenticate users against our AD. This works. However, Kerberos seems to feel responsible for managing the linux user accounts on that machine…
npst
  • 113
  • 3
1
vote
1 answer

Kerberos using app pool credentials

I have the following setup: ServerA, a web server with an asp.net mvc site ServerB, a web server with an asp.net Web Api service The MVC site on ServerA consumes the Web Api service on ServerB. Users log into the MVC site but certain service…
James
  • 121
  • 4
1
vote
1 answer

Alfresco with only MIT Kerberos: What authentication.chain?

I want Alfresco to authenticate users using SSO with MIT Kerberos. What authentication.chain should I use? I tried authentication.chain=kerberos1:kerberos without success. Based on this answer I have also set up an LDAP server containing the same…
Nicolas Raoul
  • 1,314
  • 7
  • 22
  • 43
1 2 3
75 76