Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation is likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used paltforms.

1136 questions
1
vote
1 answer

Postfix and Cyrus auth again AD

i try to setup a new Mailsystem and configure Postfix for smtp and Cyrus for IMAP, Authentication should be work over SASLAUTHD again Active Directory. I install following Versions: Cyrus 2.2 Postfix: 2.5.5 Debian GNU/Linux 5.0 Authentication…
kockiren
  • 886
  • 2
  • 14
  • 35
1
vote
1 answer

Kerberos passthrough with Microsoft ISA/TMG and SAP EP - Internet Explorer is confused if https

I've been struggling with this prob since a while and I start being desperate to find a solution. Here's my problem: I have setup a SAP Enterprise Portal which is published via Microsoft ISA. ISA is used to publish the page via HTTPS (only HTTP on…
user56823
1
vote
0 answers

Kerberos Issue on Aliased SharePoint Web Front Ends

I am having a problem with Kerberos working on SharePoint. Also note that I am a developer not a network guy so if I use the wrong terms I apologize but I hope my intent is clear. We have two web front ends aliased to a single name say "SPPortal"…
Junx
  • 111
  • 4
1
vote
1 answer

Squid/Kerberos authentication with only Linux

I would like to know if it possible to let a Windows Xp machine authenticate to Squid (Linux) using Kerberos without the need of an Active Directory domain. I only want to create a Kerberos ticket on the client side, which should give the client…
user28362
  • 526
  • 3
  • 7
  • 20
1
vote
2 answers

Kerberos authentication in IIS with .NET app under domain identity not working

Having a hell of a time trying to get a .NET web app to use Kerberos auth successfully, and would appreciate some assistance from the SF community. Currently there is a Win2003/IIS6 server hosting a web site out of the default "network service"…
user44172
1
vote
1 answer

Failure to create keytab file using msktutil on Centos to W2K8

I'm trying to setup a centos 5.5 squid server to authenticate against a windows 2008 DC. I have followed the tutorial: Getting Squid to authenticate with kerberos and Windows 2008/2003/7/XP However I have run into an issue. When I run the command:…
user49321
  • 11
  • 4
1
vote
1 answer

samba + kerberos ssh single signon (SSO)

I'm modifying an existing samba config that it works fine for authenticating AD users on linux servers to also handle Kerberos and SSO. I've successfully got pam_winbind to use kerberos and it is handing out tickets, as well as having configured SSH…
Matt Delves
  • 473
  • 2
  • 6
  • 12
1
vote
2 answers

TGT validation fails, but only for one user

I'm seeing the weirdest thing here. I have a couple of RHEL3, 4 and 5 machines that validate user credentials through Kerberos with an Active Directoy domain controller as their KDC. This works for all of my users, save one. There is one account…
wzzrd
  • 10,269
  • 2
  • 32
  • 47
1
vote
1 answer

Internet explorer rejects cookies in kerberos protected intranet sites

I'm trying to build an intranet site using joomla. The webserver is using HTTP Kerberos authentication with mod_kerb_auth. Everything works fine, the users get authenticated and so on. But if i try to login to the administrator panel i can't because…
remix_tj
  • 11
  • 6
1
vote
1 answer

Exporting user keytabs in MIT Kerberos

How can I export a Kerberos keytab with a given password, so I can use it to authenticate passwordlessly with MIT KfW, while still being able to authenticate with a password elsewhere? If it matters due to enctype issues or something like that, the…
Fahad Sadah
  • 1,496
  • 11
  • 21
1
vote
4 answers

Can we have Linked Servers when using NTLM?

I don't have access to the Active Directory settings, nor do I have access to change anything on the linked server. From everything I've read, it seems like this means I cannot use Kerberos - which is a big problem, because I don't know how to use a…
BlueRaja
  • 986
  • 1
  • 10
  • 17
1
vote
3 answers

Why does Kerberos need Ticket Granting Server?

It's probably something fundamental but I can't find a certain statement. Why can't KDC authenticate then provide the service ticket directly. Is it about security or performance or some other thing? Since users don't log in each time they request a…
user33322
1
vote
2 answers

Developer Laptop with SQL Server 2008 can't login to SSIS when offsite

When I bring my Windows XP (SP3) laptop home I can still login as my domain account because Windows caches the info necessary to authenticate me when the domain controller isn't around. However, when I try to connect to the local SQL Server (2008)…
Wayne Bloss
  • 143
  • 1
  • 1
  • 5
1
vote
1 answer

Confusion about Kerberos, delegation and SPNs

I already posted this question on SO, but the nature of it is between programming and server configuration, so I'll re-post it here as well. I'm trying to write a proof-of-concept application that performs Kerberos delegation. I've written all the…
Vilx-
  • 791
  • 4
  • 13
  • 25
1
vote
1 answer

Apache2 + mod_auth_kerb + active directory will not authenticate group permissions

I have an apache2 server setup under ubuntu to authenticate against an Active Directory Domain Controller. It works fine with an .htaccess file in the folder I want to protect with a line like require valid-user My problem is I would like to…
Matt Phillips
  • 155
  • 6
1 2 3
75 76