Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation is likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used paltforms.

RFC Kerberos - http://www.faqs.org/rfcs/rfc1510.html
Kerberos Blogs by AD support team at Microsoft - http://blogs.technet.com/b/askds/archive/tags/Kerberos/
Kerberos blogs by Open Specification team at Microsoft - http://blogs.msdn.com/b/openspecification/archive/tags/Kerberos/
Ubuntu Linux post on Kerberos - https://help.ubuntu.com/community/Kerberos

1136 questions

votes

0 answers

Configuring PAM to access a Kerberized cluster

I have the following situation: I have a server running RHEL 7.4. This server's main purpose is to host an RStudio Server Pro instance, which allows users to connect to a kerberized Hadoop cluster in a different realm to leverage its distributed…

kerberos pam

asked May 02 '18 at 08:36

xeroqu

votes

0 answers

Login/permissions problems after installing Kerberos client

Login/permissions problems after installing Kerberos client After setting up a kerberos server (on a separate machine) and installing kerberos client on Ubuntu 16.04 desktop (and laptop), I have authentication and permissions problems I believed are…

ubuntu permissions authentication kerberos pam

asked Apr 30 '18 at 19:14

Paul B

votes

1 answer

Detect whether a user is using keytab or password in Windows

So my question has been explained from the title. I'd like to know how to detect whether a user is using keytab or password for authentication to Domain Controllers. I'm thinking about checking for log file to see what session has been used and if…

authentication kerberos

asked Apr 11 '18 at 11:30

Ender

votes

1 answer

Why both userPassword and krbPrincipalKey

When configuring MIT Kerberos to use an LDAP database instead of DB2, I was surprised to see that user password hashes are stored in two different fields: userPassword and krbPrincipalKey. Seems the hashing algorithms may be different, but that…

ldap openldap kerberos freeipa mitkerberos

asked Apr 05 '18 at 20:32

Ryan

votes

1 answer

Kerberos Authentication in a Mixed (Windows and LINUX) Environment

I need to map the Service principal name for the user in an Active Directory from Linux environment, where my KDC is located, to Windows. Is there a way to map the AD user from Linux rather than mapping them using setSPN in the Windows environment?…

active-directory kerberos mitkerberos

asked Mar 20 '18 at 11:21

karthik

votes

0 answers

Using OpenLDAP as back end for Kerberos

We want to integrate our existing security setup (Apache Knox, OpenLDAP, Apache Ranger) with Kerberos. So what I understood through some blogs that we can use OpenLDAP as a back-end for the Kerberos database. But facing some issues and confusion…

ldap openldap kerberos hadoop

asked Mar 10 '18 at 08:16

anwaar_hell

votes

1 answer

Add Service Principal Name to Keytab file on Windows

What command can I run on windows to add a SPN to a keytab file on Windows? It seems all the documentation I can find is for linux.

windows kerberos spn

asked Mar 09 '18 at 07:21

MagicL

votes

2 answers

query Kerberos encryption modes supported by AD through LDAP

In short: I need a way to retrieve the encryption modes permitted in the network security policy of a Microsoft DC. The encryption mode is essential to creating the right set of keys for service principals in the local keytab of a host. User…

active-directory ldap kerberos

asked Feb 09 '18 at 10:44

phg

votes

1 answer

Simple way to secure a local network from unauthorized internal access to resources

Imagine this simplified scenario: a small business has an owner, a bookkeeper, a part-time sysadmin and a few dozen employees; the company has an all-Linux LAN. (Most computers run Arch Linux.) No outside (WAN) access to the LAN is configured; LAN…

ldap authentication nfs kerberos sssd

asked Jan 30 '18 at 06:36

MountainX

votes

1 answer

Is there any problem using the ftpd that comes with Kerberos on CentOS?

I need to configure ftpd on a CentOS 5.3 host to allow anonymous ftp (upload and download) from a well defined directory. I wish the setup to be as simple as possible, and to introduce as little new dependencies as possible. Scanning the current…

linux centos redhat kerberos ftp

asked Nov 29 '09 at 13:47

Chen Levy

votes

1 answer

How to see what Kerberos Encryption is being used?

I need to show what encryption is being used for kerberos on Windows Server 2008 R2. Is there a command I can run? Is kerberos also used for local Windows Server account authentication or is it only for Active Directory?

windows-server-2008-r2 kerberos

asked Dec 12 '17 at 17:54

neildeadman

votes

2 answers

Group policy not updating on Windows Server 2012 R2

I have a small solution for one of our customers. There are 3 servers, a Domain Controller, Session Host Server and a Sage Server. Just recently we've noticed that group policies are no longer applying to users logging in to the Session Host server.…

domain-name-system windows-server-2012-r2 group-policy kerberos

asked Dec 04 '17 at 11:40

John

votes

1 answer

Why does sshd ask for a host service principal when authenticating a user via pam or KerberosAuthentication

I've setup Ubuntu for testing purposes. -Installed MIT kerberos (latest) -Installed OpeenSsh(latest) I've setup and have working both KerberosAuthentication and pam_krb5 types of authentication as well as GSSAPIAuthentication. All is well there.…

ssh kerberos

asked Nov 20 '17 at 05:18

jouell

votes

2 answers

sshd and Kerberos - getent passwd

When setting up sshd with Kerberos on Ubuntu, one needs to "make sure that each each user has a valid account, either on the local host (via adduser or similar), or through a shared source such as LDAP Why is that? I can see if you use the…

ssh kerberos

asked Nov 20 '17 at 03:36

jouell

votes

2 answers

Given X.500 directories and PKI, why use Kerberos?

I'm aware that Kerberos can use PKI, PKI provides encryption and authentication, Kerberos is designed more for authentication than encryption, Microsoft implements the Kerberos KDC by "using Active Directory as its account database," and that Active…

active-directory kerberos

asked Nov 19 '17 at 07:04

mellow-yellow

Prev 1 2 3

…

75 76 Next