Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation is likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used paltforms.

1136 questions
0
votes
1 answer

CentOS 7 + Apache with LDAP Configuration Issues

I am working on getting a web app set up behind LDAP. We are running Apache 2.4.6 on CentOS 7.6 (Core). Kerberos is configured and working on the server to provide user access via SSH and SCP. In my /var/www/html directly, I have three sites: Prod,…
Wes
  • 111
  • 1
  • 8
0
votes
2 answers

ktpass.exe failing with ldap_open failed for default server: 0x3a

I am trying to generate a keytab file using the instructions online here. No matter what I do, whether I run this on a domain controller, a member server, in PowerShell as administrator, in cmd as administrator, I get the same error: ktpass /out…
tacos_tacos_tacos
  • 3,220
  • 16
  • 58
  • 97
0
votes
1 answer

SSSD : id don't display groups name subdomain (Child trust)

In dev environnement, with SSSD 1.16.2 (release 13.el7_6.5) on RHEL 7.6 SSSD is configured to request on mch.dev domain. trusted subdomain sub.mch.dev exist (Win2k16) On mch.dev, I have an user 'user1' in Universal groups 'G_TEST' and 'allowed_ssh'.…
user5525652
  • 137
  • 1
  • 4
  • 12
0
votes
1 answer

Kerberos Apache keeps asking for BASIC

After struggling for a very long time with kerberos authentication on my website, I am finally coming to you because I am lost. I am currently creating a classic PHP website and I want to include a seamless authentication by using kerberos. So here…
B. Clerc
  • 3
  • 1
  • 3
0
votes
1 answer

Compound Permissions on windows 2012R2 using Kerberos Armoring

I am trying to setup NTFS Compound Permissions to limit access from certian devices using Kerberos Armoring. As far as I can tell it should be very easy you just set 2 GPO settings. One for the server and then one for the client. Once that is turned…
JamesT
  • 1
0
votes
0 answers

Prevent LDAP requests

I have a work laptop that I connect to my local lan as well. On it I have a pi-hole. On it I can see that the laptop makes an awful lot of requests to the office domain which of course is not available at home. I am playing around with it and want…
jayb42
  • 1
0
votes
0 answers

Diagnosing NFSv4 Authentication Issues

I've got a couple of NFSv4 shares (with Kerberos authentication). Most of the time they work quite well, but when there's an issue they can be a pain to fix. I put this down to them being quite opaque as far as internal operations and error messages…
Adam Luchjenbroers
  • 218
  • 1
  • 2
  • 10
0
votes
1 answer

How to configure Kerberos authentication on the browsers which are on CITRIX page?

We are connecting to our secure client network via CITRIX. We are using chrome to open all quick links. like ambari etc. They open and we are good there, but other useful links like RM and HISTORY server links, do not open as it needs kerberos…
akash sharma
  • 103
  • 2
0
votes
1 answer

How does ssh logins with Kerberos authentication exactly work from every client while Kerberos uses mutual authentication model?

I have my system authentication managed with SSSD which uses Kerberos. As kerberos support mutual authentication model i.e., both client and server should support Kerberos, how exactly does SSH to the server work from any client like putty or…
GP92
  • 599
  • 2
  • 6
  • 25
0
votes
0 answers

Configuration NFS v3 Kerberos on Centos 5.x

Platform: CentOS release 5.5 Installed the kb5-libs , krb5-server krb5-workstation in the NFS Server. The NFS Server IP and Machine IP are different. Machine IP : 172.xx.xx.xx NFS Server IP: 169.254.xx.xx Installed the rpcidmapd and rpcgssd ,…
BRAJU
  • 1
0
votes
2 answers

How to enable AD authentication with Kerberos on Linux (Debian)?

I want local users to be able to log in to a Linux server using their Windows domain (AD) passwords. (All local accounts have a matching userid in AD). I've installed libpam-krb5, and the main settings in /etc/krb5.conf seem ok: default_realm =…
Jonik
  • 2,911
  • 4
  • 37
  • 48
0
votes
0 answers

Pass through authentication with LDAP and Kerberos

I have a SLES 12 server and installed and configured MIT KDC and openLDAP. I want to use pass through authentication in openLDAP so that the password is only stored in the KDC and I don't have to specify in the openLDAP as well. I have been…
orak
  • 123
  • 6
0
votes
1 answer

Compiling mod_auth_kerb on OS X

I'm trying to get mod_auth_kerb installed, but I can't seem to find any information on compiling it on OS X. I'm getting the following when I attempt to compile: ./apxs.sh "-I. -Ispnegokrb5 -I/include " "-dynamic -g -O2 -arch x86_64…
bshacklett
  • 1,378
  • 4
  • 19
  • 37
0
votes
1 answer

AD/Kerberos authentication

Need some help on authentication. Noticed in the our logs that user1 has a ton of Kerberos pre-auth failures. User1 has a bad password. However when I look at the logs more closely, I'm a little confused on the events. User1 is authenticating…
nizbit
  • 1
0
votes
0 answers

Restricting access to users/groups of NFS mount through FreeIPA

I setup a NFS mount through the following guide with FreeIPA. Short instructions on first post: Unable to mount kerberized nfs? Long…
Kevin Vasko
  • 185
  • 5
1 2 3
75 76