Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation are likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used platforms.

1136 questions
1
vote
2 answers

Can anyone recommend a book on Kerberos that mentions AD 2008?

I've got a nice O'Reilly book on Kerberos from our library, but it was last updated in 2003. I'm pretty sure there have been changes and improvements since then, especially with AD 2008. Are there newer books on Kerberos?
jldugger
1
vote
1 answer

SSH Kerberos Auth in Mac OSX 10.7

I just upgraded my Mac OS to 10.7 Lion. It worked well before, but now only kinit works normally; I can't ssh to my server. After reinstalling the "Mac OS X Kerberos Extras", nothing is better. Can anyone give me some help? Thanks a lot!! My command line…
deemstone
1
vote
1 answer

setting up freebsd kerberos key server windows client log in musts

Very few texts talk about a Unix key server and a Windows client (let's say XP) to authenticate. The texts that I have read will mention this topic but more or less skip the details. When setting up/compiling/building/etc. a Unix (say FreeBSD) key server,…
rev
1
vote
1 answer

Does enabling Kerberos require a server reboot?

We are going to enable Kerberos to allow double hop authentication between our SQL Servers. Our company is nearly 24 hours which leaves a very small window for server restarts. Is it possible to enable Kerberos without requiring a reboot of our…
1
vote
0 answers

Kerberos Service Principal not found in AD

I've got a strange problem with an Active Directory SPN Account. This does not work: kinit HTTP/my.host.com@MY.REALM However, "setspn -l SA_MyUser" lists "HTTP/my.host.com" as registered service principal. It has got to be a problem with the AD…
1
vote
2 answers

How do I get an OS X 10.5 box PCI compliant when the OS X 10.5.7 PHP and Kerberos versions are considered 'Vulnerabilities'

I have just upgraded a server to the latest OS X version 10.5.7 and my compliance scan tells me that these OS-installed components are causing vulnerabilities. I can't see where I can download higher versions or even if they exist! Kerberos 5 is…
Neil Enock
1
vote
2 answers

Using a system user to transfer files via scp/kerberos

I need a cron job to transfer a file across servers using scp and kerberos authentication. The system user for the job is in /etc/passwd on both machines and a valid keytab has been created (with -randkey) for the kerberos auth. The cron job…
Aaron
1
vote
1 answer

PAM with KRB5 to Active Directory - How to prevent update of AD password?

I have a working Fedora 9 system that's set up to authenticate users via PAM -> krb5 -> Active Directory. I'm migrating this to Fedora 14, and everything works, but it's working too well :-) On Fedora 9, if a Linux user updated their password, it…
Ex Umbris
1
vote
2 answers

In LDAP/Kerberos terms world, where do I use which domain parts?

I have a domain name. Let's call it example.com. There's a server - server A - which has hosting set up on it, and example.com configured as its domain name. Meaning, resolving example.com will get server A's IP. I have another server - server B…
Doron
1
vote
1 answer

DCOM Authentication Fails to use Kerberos, Falls back to NTLM

I have a webservice that is written in Classic ASP. In this web service it attempts to create a VirtualServer.Application object on another server via DCOM. This fails with Permission Denied. However I have another component instantiated in this…
Asa Yeamans
1
vote
1 answer

Recommend tools for auditing/testing MIT Kerberos Passwords

Debian 6 MIT Kerberos i.e. krb5 I want to be able to audit/test the passwords in our Kerberos server periodically for quality. If the passwords can be cracked quickly I want to notify the users to change their passwords etc. I administer the…
caleban
1
vote
1 answer

Creating a New Kerberos User

I've inherited a Fedora Linux system running Kerberos, and I'm trying to create a new user. I've been able to bring up the kadmin prompt, and I'm trying to create the user NewUser, so I tried issuing the command: ank -policy users NewUser but I get…
Cerin
1
vote
1 answer

When I log on to my company desktop, I log on to a domain. How is this domain name installed?

When I have to work on my machine in company, I have noticed that I log on to a domain (named on the basis of company name) and not really on that computer. From what I understand, this has a few advantages, the primary being that I just need one…
1
vote
1 answer

FreeBSD 7.0 Kerberos Login over SSH, But Not Console

I assume there is an easy solution to this, but I prefer to ask before mucking up our intranet server. During a support session, my co-worker and I realized we could log in with our Kerberos credentials over SSH, but not the console (in this case…
songei2f
1
vote
1 answer

Logging on to Kerberos / Kerberos Constrained Delegation from a pc not in the domain

Can a client pc authenticate against a Kerberos / KCD authenticated service (that is - not use NTLM) if they have valid domain accounts, but the pc they're using can't access any of the DCs and / or isn't a member of the domain itself?
Bonethug