Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation are likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used platforms.

1136 questions
0
votes
1 answer

SSSD ActiveDirectory SSH SSO not working

I have a very well working SSO setup for Ubuntu 14.04. Unfortunately my setup does not work with Ubuntu 16.04 and I have no idea why. I'm using sssd-ad in combination with ssh for single sign-on; my problem is that automatic login is not…
HEGE
0
votes
1 answer

Apache SSO with Kerberos and Active Directory error

I have this scenario: a Windows 2008 R2 domain and a Linux server (CentOS) with Apache. I need to configure SSO using Kerberos in order to permit our internal clients using IE or Chrome to authenticate on a website without asking for a password. In…
0
votes
1 answer

Squid3 authentication with MS server Active Directory

Is there an easy way for Squid to use MS AD database?
0
votes
2 answers

Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON' and Kerberos delegation

We are moving an old application to a new environment using Windows 2012 with IIS 8.5 and I've come across the following error: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. Reason: Could not find a login matching the name provided. [CLIENT:…
paddingtonMike
0
votes
1 answer

Unable to authenticate with Kerberos to IPA client from Windows 10 machine

I have a domain-joined Windows 10 computer trying to authenticate via Kerberos to an IPA (4.4.0) client (CentOS 7.2). I can authenticate with user/pass and then kinit, but I cannot seem to authenticate with the Kerberos tickets on my…
Jacob Evans
0
votes
2 answers

Restricting Kerberos Credential Cache to session

Currently we are using a very bad access model to our servers. Every person logs in via ssh to the same unix user. We have several keytabs which are used by everyone and normally the same keytab is used. However sometimes someone needs to use one of…
Simon
0
votes
2 answers

Error authenticating squid with Active Directory and Kerberos

I'm trying to integrate squid 3.5.19 with AD/Kerberos (Windows 2008 R2), but I always get TCP_DENIED:HIER_NONE. These are the errors in /var/log/squid/cache.log: 2016/07/28 10:26:01.583 kid1| 29,4| UserRequest.cc(290) authenticate: No Proxy-Auth…
sebelk
0
votes
1 answer

How can extended file permissions (ACLs) be managed by Kerberos in Linux?

Is it possible to have extended file permissions (ACLs) in Linux be managed (enforced?) by adding permissions authenticated by Kerberos?
leeand00
0
votes
1 answer

nslcd and Kerberos without reverse DNS

I am trying to get nslcd to connect with an LDAP instance using GSSAPI and Kerberos authentication. The problem I'm having is that nslcd keeps using the wrong principal to try and connect with the remote LDAP server. My guess is it is using a…
0
votes
1 answer

Apache authentication against FreeIPA's Kerberos

I'm currently trying to set up Apache as an authentication portal. It's supposed to act as a reverse proxy with krb authentication. My Apache server is named portal.example.com (Debian container). My IPA server is named freeipa.example.com (CentOS…
Amina
0
votes
0 answers

Why is my sshd looking for a wrong kvno in keytab?

My FreeBSD box is using the Heimdal Kerberos implementation. It is registered with the corporate AD, its msDS-KeyVersionNumber attribute is set to 2, and its keytab has the following entries: FILE:/etc/krb5.keytab: Vno Type …
Mikhail T.
0
votes
2 answers

Can Foreman register a new host with Active Directory?

We use Foreman and Puppet to manage our Unix systems here, but the Kerberos infrastructure is implemented over Active Directory (because Exchange). Registering the newly bootstrapped hosts with AD is a manual process and we'd very much like to…
Mikhail T.
0
votes
1 answer

IIS 8.5, Kerberos and DFS Backend files

We have a new IIS app (8.5 on Server 2012 R2). Some of the links on the site forward to files stored on a DFS (AD Integrated) share. The setup is: IIS 8.5 --> Two DFSN servers --> File server (all Server 2012 R2). I've configured Kerberos and…
mhouston100
0
votes
1 answer

Calling a URL from a Windows Server 2012 + IE 11 fails with KRB_AP_ERR_MODIFIED error

My problem: Calling a URL from a Windows Server 2012 with IE 11 fails on an IIS application (with Windows Authentication and Kerberos activated): after 3 captures of the correct password, I get a 401 error (not authorized) and I can see the…
nmariot
0
votes
3 answers

kadmin can't find master key

I can't use the kadmin.local interface; I just get the error: Authenticating as principal root/admin@deadpool.cavill.org.uk with password. kadmin.local: Can not fetch master key (error: No such file or directory). while initializing kadmin.local…
Ben