Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation are likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used platforms.

1136 questions
0
votes
1 answer

Linux daemon accounts and kerberos

There is something I can't grasp about security in Linux. I have a piece of software, it's running as a service on user X, it needs RW for directory Y owned by user Z and group C (both of which are in LDAP) (this is running on a separate VM - and VM is…
ColdIce
0
votes
1 answer

Authenticate with Kerberos to a CIFS share provided by OpenSolaris

I have an OpenSolaris server (running snv_128a) which I have (a) joined to an Active Directory domain and (b) configured to export some filesystems via CIFS: # sharemgr show -vp default nfs=() zfs zfs/rpool/export/public nfs=() smb=() …
larsks
0
votes
1 answer

gssd: What is ?

rpc.gssd's man says: rpc.gssd searches in the following order for a principal to use. The first matching credential is used. For the search, and are replaced with the local system's hostname and Kerberos realm. …
intelfx
0
votes
0 answers

Mount CIFS/SMB file share with S4U2Proxy?

Is there any way to mount a CIFS/SMB file share by authenticating with S4U2Proxy? I need a middleware service to mount a file share and it has a Kerberos ticket from the user who logged into it. I've gotten as far as having a proxy ticket for the…
Chris
0
votes
1 answer

SSSD AD Integration - Clarification on Computer to join AD

Objective Clarify Computer, Not User, when integrating a Linux box with a Windows Domain. Background Having confusion because most SSSD AD information focuses on User Authentication, however apparently in a Windows Domain, the computer to which the…
mon
0
votes
2 answers

What does it mean to "add" a principal to a keytab file in Kerberos?

In this documentation they mention that you can use the ktadd command that "add a principal to an existing keytab". Does adding a principal mean that the principal now has access to that host (in which ktadd was run) or that the host (in which…
Jorge Silva
0
votes
1 answer

NFS w/Kerberos - Network change broke auth?

So, I've recently changed my network setup a bit, and for reasons I'm still trying to suss out replacing the old router with a new PFSense box appears to have broken the authentication within the network somehow. The network setup uses a Kerberos…
Adam Luchjenbroers
0
votes
0 answers

Apache Single Sign On Working on 1 of 2 Portals

I use a helpdesk system in our intranet that I've configured for Single-Sign-On via LDAP/Active Directory. The helpdesk server itself lives on an Ubuntu 16.04 Server box running on Apache, Server version: Apache/2.4.18 (Ubuntu) Server built: …
0
votes
0 answers

Kerberos Double Hop Delegation from IIS to SQL server (using django)

I need to pass the credentials (Integrated Windows Authentication) from a django website on IIS onto a backend SQL server so that it runs under the proper user context. This is how my setup looks so far: Running SQL Server on sql_sever.domain.com…
notarobot
0
votes
1 answer

Is "/var/kerberos/krb5kdc/kadm5.acl" the only way to specify administrators in kerberos?

The documentation for RHEL explains how to make users administrators through the /var/kerberos/krb5kdc/kadm5.acl file, but does not specify if this is the only way to do this. Are there any other ways to specify principals with administrative…
Jorge Silva
0
votes
0 answers

Samba ADS: Cannot contact any KDC for requested realm

I followed this Setting up Samba as an Active Directory Domain Controller - wiki and all seems fine (kinit,klist,net ads user,net ads group work). Adding users without password also works, but if I set any password, it fails: net ads user add tester…
lepe
0
votes
2 answers

ktpass command "WARNING: The Key version used by Windows (277) is too big.."

I'm trying to create the keytab for a service account. It worked just fine a few days ago; when I came back and ran it I got a warning message, and I want to know what the cause is and how to solve it: ktpass -princ http/contoso1.com@abc.com…
Ender
0
votes
0 answers

Apache Kerberos SSO without login prompt

I've successfully implemented SSO with Kerberos on an Apache webserver. Whenever a user opens the webpage, he is prompted to enter his credentials (username@REALM & password). Is there a possibility to log him in directly, without the login…
0
votes
1 answer

Linux password via kerberos unable to reset

When I try to reset an LDAP user password from a client machine I am getting the following error $ passwd Changing password for user demo. Current Password: New password: Retype new password: passwd: Authentication token manipulation error From…
0
votes
1 answer

Using same password for kerberos and openldap

We have a working structure for our hadoop where openldap was used for authentication with the below structure, along with ranger and knox. openldap root:- dn: dc=abchadoop,dc=com,dc=za Subtree inside openldap like below:- dn:…
anwaar_hell