Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation is likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used paltforms.

RFC Kerberos - http://www.faqs.org/rfcs/rfc1510.html
Kerberos Blogs by AD support team at Microsoft - http://blogs.technet.com/b/askds/archive/tags/Kerberos/
Kerberos blogs by Open Specification team at Microsoft - http://blogs.msdn.com/b/openspecification/archive/tags/Kerberos/
Ubuntu Linux post on Kerberos - https://help.ubuntu.com/community/Kerberos

1136 questions

vote

1 answer

Is it possible to switch to Kerberos only Windows domain

Is it possible to configure both Windows servers and workstations (Windows 7) to use only Kerberos for authentication and not use NTLM for authentication within the Domain? I was told that Kerberos authentication fails if the target system is…

asked Feb 08 '12 at 13:00

Konrads

vote

2 answers

Where are the Kerberos time outs in Windows 2008R2?

We have a DFS share that redirects users to a EMC CIFS share. Several end users are unable to access it and get the following Kerberos Security warning: The System Detected an attempt to compromise security I believe it's because the Kerberos…

kerberos dfs cifs emc

asked Feb 01 '12 at 22:50

makerofthings7

8,821
28
115
196

vote

0 answers

Setting up single sign-on between Mac client & OS X Server

I'm not "single sign-on" is the right terminology for what I'm trying to accomplish, so please correct me if I'm wrong. We have a Mac OS X Server and Mac clients. Kerberos and Open Directory are running and apparently happy. I imagine the following…

mac mac-osx-server kerberos single-sign-on opendirectory

asked Jan 21 '12 at 19:54

Meltemi

vote

2 answers

Changing user passwords under Kerberos/LDAP

I've set up Kerberos/LDAP on Ubuntu 11.04 Server according to this guide. My client machines are auto-mounting NFS volumes from the server using krb5. All is good: Users can log in to any of the machines in the office and their home directories…

ubuntu ldap openldap kerberos password-reset

asked Dec 15 '11 at 18:52

BrianTheLion

vote

2 answers

Kerberos LDAP and Ubuntu Login

I setup Kerberos and LDAP for directory management at an institution for Ubuntu OS. I got LDAP configured correctly and Kerberos. The user's home directory is in an LDAP directory. When the user logs in, the process of authentication grants the…

linux ubuntu login ldap kerberos

asked Nov 28 '11 at 14:37

user1052943

vote

0 answers

Kerberos high availability failover, Apache Mod_auth_kerb, Using the Kerberos slave is slow

We host our own Redmine rails web application internally with Apache using Mod_auth_kerb and our internal Kerberos for authentication. We have 2 internal Kerberos servers KDC1 and KDC2. KDC1 is master. KDC2 is a slave to KDC1. When KDC1 is working…

linux apache-2.2 failover high-availability kerberos

asked Nov 11 '11 at 01:50

caleban

1,116
4
18
34

vote

1 answer

Publishing Activesync through TMG with client certificates (403.7 Forbidden)

I'm trying to publish Exchange 2003 activesync on a Server2K3 box, through TMG 2010 on a 2008R2 box, using client certificate on Android mobiles. From what I can tell, the issue is with TMG, as when I connect directly to the mail server everything…

exchange kerberos activesync microsoft-ftmg-2010

asked Nov 03 '11 at 19:08

Tony Blunt

vote

1 answer

Custom 401 error page served by Apache for firefox by not IE Kerberos Authorization by group

My Custom 401 error page gets served by Apache for firefox by not IE. I'm using Kerberos authentication and ldap group Authorization. Basically if a user is not in the proper group I'd like the 401 error page to show. This is working properly with…

apache-2.2 kerberos internet-explorer http-error-401.2

asked Oct 20 '11 at 15:19

RussellBallestrini

vote

3 answers

Can a Kerberos server interfere with Active Directory on the same network

I would like to set up a Kerberos server to authenticate users on our various Linux servers. However, the network that the Kerberos server will be on already has a Windows 2k3 domain controller on it. Is there any way that this Kerberos server can…

linux windows active-directory kerberos

asked Jun 26 '09 at 16:44

Swoogan

2,007
1
13
21

vote

3 answers

Disabling Windows password changes on Samba domain

When a user on one of our Windows clients hits ctrl-alt-delete to change his password, our Samba domain controller is notified and performs the password change. Unfortunately, the group policy rule requiring password complexity is ignored. Further,…

samba ldap password kerberos

asked Jun 25 '09 at 19:29

thras

vote

1 answer

Unable to Login to kadmin from Kerberos Client

I have a small problem of getting my client to authenticate to a kerberos server that I just setup. Whenever I run: [root@localhost log]# kadmin -r KERBEROS.MONZELL.COM -p host/kerberos.monzell.com Authenticating as principal…

linux authentication kerberos mitkerberos

asked Sep 13 '11 at 03:32

Rilindo

5,058
5
26
46

vote

1 answer

Problem with mixed cases in username

We have integrated a linux thin client with an AD using kerberos, pam and winbindd. We are using pam_mkhomedir to make the home dir, and that works fine. But the login scripts don't run when the AD users use mixed or upper case in there usernames.…

linux active-directory kerberos pam

asked Sep 12 '11 at 17:41

xpatrikh

vote

1 answer

Kerberos authentication not working for one single domain

We have a strange problem regarding Kerberos authentication with Apache mod_auth_kerb. We use a very simple krb5.conf, where only a single (main) AD server is configured. There are many domains in the forest, and it seems that SSO is working for…

apache-2.2 active-directory kerberos

asked Aug 31 '11 at 16:33

Michael Böckling

vote

1 answer

Using Kerberos between two seperate domains

We run SharePoint 2007 in our envirnoment and currently have a non-transitive, external trust setup between the two domains because were planning on migrating to SharePoint 2010. Our SQL Server is in the domain 2, while domain 1 has the front end…

sharepoint kerberos

asked Aug 19 '11 at 22:17

Bob

vote

2 answers

How do I use ldapsearch with a cross-realm ticket?

kinit user@DOMAIN.TLD klist -afe Ticket cache: FILE:/tmp/krb5cc_1000 Default principal: user@DOMAIN.TLD Valid starting Expires Service principal 08/04/11 13:14:53 08/05/11 01:14:53 krbtgt/DOMAIN.TLD@DOMAIN.TLD renew…

ldap kerberos sasl gssapi

asked Aug 04 '11 at 20:38

84104

12,698
6
43
75

Prev 1 2 3

…

75 76 Next