Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation are likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used platforms.

1136 questions
0 votes, 1 answer

RHEL: Getting current kerberos/Kinit user ID after login?

I am connecting by SSH to a RHEL6 server. When I SSH into the box, I am challenged for my linux username/password (which is a shared account) username: mySharedLinuxUser pass for mySharedLinuxUser: password123 then I am prompted again for my…
Paul
0 votes, 1 answer

kpasswd not listening on port 464

I recently made a fresh install of FreeIPA (VERSION: 4.6.90.pre1+git20180411, API_VERSION: 2.229) on Ubuntu 18.04 LTS. Admin credentials work fine, I can log in to the web app just fine, creating users and authentication from client webapps works.…
JBKM
0 votes, 0 answers

Get saslauthd to use a Kerberos principal other than one based on the hostname

We are using saslauthd on a Debian stretch Linux environment. We use saslauthd to do GSSAPI (i.e., kerberos) authentications. I see that saslauthd uses the principal host/ when doing Kerberos authentications where servername is the…
user35042
0 votes, 1 answer

SSSD Based on KDC and OpenLDAP?

I've installed a MIT KDC instance backed by an OpenLDAP instance, all running on RHEL 7. I'm wanting to configure SSSD to pull users and groups from this combination, but I'm running into a lot of issues, since most documentation assumes AD. The…
Dave McGinnis
0 votes, 1 answer

Ubuntu cannot mount CIFS share from autofs and KRB5

I've inherited an Ubuntu 14 Fileserver... VERSION="14.04.5 LTS, Trusty Tahr" Client machine is a fresh install of Ubuntu 18 VERSION="18.04.2 LTS (Bionic Beaver)"
autofs/bionic-updates,now 5.1.2-1ubuntu3.1 amd64 [installed]
We are in a…
BurningKrome
0 votes, 1 answer

AWX Cannot find KDC for REALM

Cannot find KDC for REALM I have an issue with Kerberos and AWX. If I create a ticket manually with kinit testeruser@TEST.PUBLIC.COM, it works without any problem. But if I will use AWX (Credential was set via UI), I get the following error…
Steffen
0 votes, 2 answers

PowerShell error message for script to reset krbtgt account password/keys

We're trying to reset our krbtgt password/keys using the PowerShell script provided by Microsoft, obtained from…
72909903
0 votes, 0 answers

The Kerberos client received a KRB_AP_ERR_MODIFIED error from server

I have a situation where Kerberos authentication is failing. I have checked that the SPN is registered under the correct AD user account that runs the service that needs to use Kerberos to authenticate the user, and not the host itself. The password…
Ringo
0 votes, 1 answer

Kerberos authentication not working with Apache and PHP-FPM

I have configured kerberos authentication in apache with a php-fpm drupal backend. Checking the apache logs it looks fine at first glance but somehow it seems that the authenticated user gets lost somewhere. The Drupal Watchdog Logs say: Does…
macbert
0 votes, 1 answer

Authentication policy silo failure on Windows Server 2008 R2

We're deploying Active Directory authentication policies and silos to restrict domain admins to domain controllers and server admins to servers which has worked fine on all of our servers from Hyper-V Server 2012 R2 to Windows Server 2016 (after…
mythofechelon
0 votes, 1 answer

Kerberos SPN for one FQDN on multiple servers

This is a bit of a weird one. I'm building a new web server hosted on a LAMP stack to replace an old IIS server. Its intended DNS name is currently occupied by the old server. I have SSL certificates set up for the new server, and configs ready to…
0 votes, 1 answer

Why would setspn -q return "no such spn found" when setspn -l finds the spn?

I'm attempting to troubleshoot why windows authentication is failing for a website hosted in IIS at a customer site. When executing setspn -l serviceUser to list the spns associated with a service account we get the following output Registered…
0 votes, 1 answer

Kerberos: mount.nfs: access denied by server while mounting

An IPA server providing DNS, NTP and Kerberos auth to two of my lab servers, when tried to mount a Kerberised NFS share, I am getting this error: mount.nfs: access denied by server while mounting DNS, NTP stratum and User Auth via Kerberos works…
Ardneliahs
0 votes, 0 answers

Is it possible to join two kerberos realms inside the same domain?

In the current environment I am working with there are two LDAP directories, one is a Microsoft Active Directory and the other is a RedHat IDM LDAP Directory. Currently both kerberos realms exist inside the same domain (this was something that was…
0 votes, 0 answers

Duplicate SPN for File Server Alias

I have two Samba4 AD domain members that serve a couple of replicated shares to users at two sites (same domain, different subnets). Bandwidth and latency don't allow for a clustered solution, so replication between servers A and B runs periodically…
canut