Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation are likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used platforms.

1136 questions
1 vote, 1 answer

nagios - Web interface: authentication through kerberos OK, what about authorization on cgi.cfg?

I have successfully installed nagios, and it provides authentication through apache2 which contacts a kerberos authentication server to authenticate users. Now, users are authenticated, but they don't have any authorization as authorization is…
philippe
1 vote, 1 answer

How can I set up an authentication system with single instance storage of credentials and several authentication methods/interfaces?

Background: I have a collection of Linux-based servers (let's say a few dozen) that are hosted in different locations. Some servers are lone satellites while others are hosted together in the same data centers. Some are physical hardware servers,…
1 vote, 2 answers

Accessing Kerberised NFS server from daemons on specific client servers

I have an NFS tree exported from a file server that is secured using Kerberos and uses LDAP for authentication and uid/gid management. Everything works swimmingly for each client machine and each individual user, but I'm not sure how to grant access…
Shabbyrobe
1 vote, 0 answers

Problems mounting kerberos protected NFS share from a client machine

I have a client Linux (Fedora 16) PC that I want to use to access a NFS share. Running the command mount -v -t nfs4 -o sec=krb5 server.company.com:/home/share/username /media/nfs results in access denied by server while mounting…
Phyxx
1 vote, 3 answers

How can I disable Kerberos authentication for only the root of my site?

I have Kerberos-based authentication and I want to disable it on only root url: http://mysite.com/. And I want it to continue to work fine on any other page like http://mysite.com/page1. I have such things in my .htaccess: AuthType Kerberos AuthName…
petRUShka
1 vote, 1 answer

ISA 2006 switch to kerberos causes authentication problems for some users

In our large corporate environment we have 4 ISA 2006 servers set up. The users (WinXP IE8) are configured with an automatic proxy configuration script. Recently, the PAC was modified to return FQDN instead of IP addresses of the ISA servers. …
Ed Manet
1 vote, 2 answers

iPad revocable vpn access

I'm a programmer at my organization, but somehow got drafted into looking into some server stuff so forgive me of my ignorance: They want to give our sales people secure access to our internal sites using their iPads. This must be secure (obviously)…
carpat
1 vote, 4 answers

How to ensure machine is "Kerberos Domain" joined?

I've been having issues where calls to the LogonUser Windows API function are falling back to NTLM authentication, rather than using the preferred, default, Kerberos authentication. Researching the problem, a guy has a suggestion: The thing to do…
Ian Boyd
1 vote, 1 answer

Is kerberized ssh (gssapi-with-mic) possible without access to KDC or domain admin?

I'm working inside a domain environment, served by Active Directory from a Windows 2008 host. I'm a regular "Domain User", with no special privileges and will not be able to get any. When trying to set up my own Linux system to login via ssh with…
Garen
1 vote, 2 answers

Active directory auth to compromised machine?

Let's say that I have a machine on my domain that has been compromised by an unknown attacker. If I use my domain credentials to log into that machine remotely, via RDP, does that expose my credentials to the attacker? I know AD uses kerberos…
devicenull
1 vote, 0 answers

Creating keytab for computer account to decrypt packet capture

We are having an issue with our blackberry server (EWSTest fails at autodiscover lookup) and I am running a packet capture with Wireshark in an attempt to diagnose the issue. There is a conversation that is encrypted with Kerberos (RC4-HMAC) that I…
visualtrey
1 vote, 2 answers

Sometimes RDP shows certificate warning and kerberos single sign-on does not work

I'm using Windows 7 and the Servers are Windows 2008 R2. So far there are at least 4 Servers that show this behavior. Sometimes I get a warning when trying to connect via RDP stating the certificate name is wrong. When I reboot the server this…
Jonathan
1 vote, 1 answer

Can I link proxy users from a single LDS instance to multiple domains?

I have an Active Directory Lightweight Directory Services set up. I have objects that represent users in the Active Directory (Domain_A). I have set their objectSID attribute, and users can authenticate to LDS with their Active Directory password. I…
ixe013
1 vote, 0 answers

Unable to access SQL Server 2008 - Cannot Generate SSPI Context

I've had this problem for a few weeks but haven't had time to focus on it until now. My company has a relatively fresh installation of Windows Server 2011, which is also running Microsoft SQL Server 2008. Everything was running along fine, until one…
1 vote, 1 answer

libapache2-mod-auth-kerb: access to / failed, reason: user 'd_inevitable' does not meet 'require'ments for user/valid-user to be allowed access

I am not sure if this is down to libapache2-mod-auth-kerb, apache2-mpm-itk or apache2 in general. The error message itself is very cryptic: access to / failed, reason: user 'd_inevitable' does not meet 'require'ments for user/valid-user to…
d_inevitable