Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation are likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used platforms.

1136 questions
0
votes
1 answer

Strange FreeRadius and Kerberos issue

Currently I am trying to get my FreeRadius server to talk to my FreeIPA server and through some Googling I discovered I need to have FreeRadius talk to Kerberos in order to do user lookups. So I make a Krb5 file located at…
Adam
  • 3
  • 1
0
votes
1 answer

add_principal: DN is out of the realm subtree while creating "principal@REALM.COM"

I'm trying to create a principal linked to an LDAP object according to the MIT documentation. This is my LDAP structure: LDAP STRUCTURE. Once I've created the UID object in the LDAP ou=people,dc=domain,dc=com, (cn=nano,dc=people,dc=domain,dc=com),…
DRI
  • 23
  • 4
0
votes
1 answer

Login limited to a LDAP group using SSD and Kerberos

I'm trying to learn how PAM, SSSD and nsswitch work. I think these services are so useful although all the documentation over there is a little bit outdated and "esoteric". So I'm here asking for some help. This is how I configured my…
DRI
  • 23
  • 4
0
votes
1 answer

Access authorization does not work well after replacing a NAS using Kerberos on a Windows server 2012 R2

Environment: A SOHO network under an Active Directory domain controller on a Windows Server 2012 R2. A NAS with access authorization via Kerberos on the domain controller. The DNS server is on the domain controller. Due to hardware problems, I…
0
votes
1 answer

OpenLDAP ACL's in SUSE, Kerberos configuration

I'm implementing Kerberos with OpenLDAP manually and according to the MIT Documentation, I've to set manually this ACL: access to dn.base="" by * read access to dn.base="cn=Subschema" by * read # Provide access to the realm…
DG DM
  • 25
  • 5
0
votes
0 answers

Kerberos issue through RRAS VPN

I set up a Windows VPN infrastructure with RRAS NPS CA roles. A user certificate is deployed on each laptop, and the laptops are joined to a single domain. The VPN uses IKEv2. The VPN is up, and communications are working to our internal networks, except applications that…
ThomasKel
  • 1
  • 1
0
votes
1 answer

Linux root using domain users kerberos tickets

We’ve just migrated a set of Centos6/7 hosts from pure OpenLDAP based authentication to IPA and Kerberos. What surprised us is that a local root user on an IPA enrolled host can use ‘su’ to become an IPA user. If the chosen IPA user is currently…
Fenster34
  • 173
  • 6
0
votes
2 answers

Kerberos client authentication for a systemd service

I am running a webserver (in this case airflow) on an Ubuntu 18.04 machine which needs to access a SQL Server database which is on the domain/AD. Q: How can I use Kerberos authentication in a systemd service to access a MSSQL database on the…
telemark
  • 3
  • 1
  • 3
0
votes
2 answers

Give linux service user access to Kerberos NFS share

I am running an NFSv4 server and a client on two Raspbian Buster distributions. I use Kerberos to secure the NFS share. On the NFS client, I run the gitea service with git user, which is started on boot. I would like to store the git repositories on…
ThinkB4
  • 3
  • 1
0
votes
1 answer

Kerberos error after reinstall

After a reinstall of Kerberos we're now having issues authenticating from Windows to this CentOS server. Running kadmin returns the following error: Authenticating as principal '' with password. kadmin: Client 'domain/user@domain.com' not found in…
c4154882
  • 5
  • 2
0
votes
1 answer

nginx - prevent caching authorization info

I am using nginx as a reverse proxy for my ASP.NET Core web application. I am using the spnego module for nginx to support Windows integrated authentication. It works, but if a user enters incorrect credentials, the credentials are not prompted for again?…
DarkGenius
  • 101
  • 1
0
votes
1 answer

Authenticate with SSSD in multiple domains in Ubuntu 18.04

I was able to successfully follow this document to get sssd to work with my Active Directory domain, but I was sad to learn that sssd does not support authenticating with external trusts. I read that you can actually join multiple domains with the…
tacos_tacos_tacos
  • 3,220
  • 16
  • 58
  • 97
0
votes
1 answer

Kerberos: Wrong principal / realm for ssh-server login on a server in a subdomain

I am currently trying to set up Kerberos auth on a server living in a subdomain "sub.example.com". The KDC manages EXAMPLE.COM together with a DNS server which manages 'example.com'. Due to organizational reasons we have a subdomain 'sub.example.com'…
M.K. aka Grisu
  • 141
  • 1
  • 8
0
votes
1 answer

InitializeSecurityContext failed with SEC_E_DOWNGRADE_DETECTED

I have a question. There are client and server apps written in Java. The Java client connects to the server using Kerberos authentication; the client needs to retrieve a token from the server - it uses the Waffle library, which uses JNA, which invokes…
wazz
  • 111
  • 1
0
votes
0 answers

SSO for ADFS works on some desktops, but does not on some others

We have a weird issue with SSO through ADFS 3 on Windows Server 2016. While some Windows 10 clients can successfully login in IE, some cannot. All Windows 10 clients are at the same patch level. The issue seems client based and not user based; User…
mokum
  • 23
  • 1
  • 4