Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation are likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used platforms.

1136 questions
6
votes
3 answers

MIT Kerberos keeps asking for password when authenticating to OpenSSH

I am trying to set up a simple Kerberos environment which consists of a Kerberos server (KDC), a client machine and a server machine running an OpenSSH daemon. The client is supposed to be authenticated through Kerberos when establishing an SSH…
arne.z
6
votes
1 answer

Joining AD domain with Windows 10 using smart card

My Windows "domain-centric" company has abruptly decided to make the switch from Windows 7 to Windows 10, and it has become my job to make their prepared image join our domain with our smart card/token based authentication system. This was an issue…
6
votes
3 answers

Do Linux servers using AD/Kerberos for authentication/authorization need computer accounts?

I am confused about whether Linux servers using Active Directory (AD) and Kerberos need computer accounts created? Does the Linux server as a machine need to join an AD domain and in doing so have a computer account to have…
Padge
6
votes
2 answers

Kerberos service login only possible for 30 minutes after running ktpass.exe

I'm trying to Kerberize an Apache-server, and allow the created server principal to sign on to the Active Directory. I've followed one of the numerous tutorials available online, and it seems to work fine. I'm on the Linux side of the project, and…
Saustrup
6
votes
1 answer

Seamless SSO with Kerberos, IE, Firefox, LDAP Active Directory

Alias /students /var/www/students KrbServiceName HTTP KrbMethodNegotiate On KrbMethodK5Passwd On KrbSaveCredentials off KrbAuthRealms DOMAIN.LOCAL Krb5KeyTab /etc/httpd/keytab KrbAuthoritative off AuthType…
Brad
6
votes
3 answers

OpenSSH two factor authentication combined with Kerberos / public key

I'm trying to implement two-factor authentication for OpenSSH. The environment is Centos 7 (kernel: 3.10.0-229.1.2.el7.x86_64) with OpenSSH_6.6.1p1, OpenSSL 1.0.1e-fips 11 Feb 2013. We have Active Directory (LDAP) + Kerberos deployed. The…
dgyuri92
6
votes
1 answer

How can one enable DES-encrypted keys on an Apple KDC?

We are running a KDC on OS X 10.10 Yosemite, to which we have added a service principal for remotely accessing a (legacy) host: $ kadmin add -r host/a.b.c.d@REALM Since the host only supports des-cbc-crc key encryption, we then tried…
eggyal
6
votes
3 answers

nfs4 and kerberos: Wrong principal in request

My client/servers are both running Ubuntu 14.04 and Kerberos user authentication works as intended. Regular nfs4 mounts also work fine. All machines are running Heimdal libraries. I haven't been able to get kerberized nfs4 working though. When…
cebalrai
6
votes
4 answers

SQL Server running under a domain account cannot register its SPN

I am trying to configure a fresh install of SQL Server to run under a domain account. However, I get intermittent errors when trying to connect to the server using another domain account, and I still see The SQL Server Network Interface library…
jimbobmcgee
6
votes
4 answers

kinit & pam_sss: Cannot find KDC for requested realm while getting initial credentials

I have a very similar problem as described in this thread on CentOS 6.3 authenticating against a 2008R2 AD DC. Here is my krb5.conf, I know for a fact that XXXXXXX.LOCAL is the true domain name: [logging] default = FILE:/var/log/krb5libs.log kdc =…
Sauraus
6
votes
3 answers

Ubuntu 12.04, Windows 2012 Active Directory Integration, Kerberos won't resolve service principals

After having checked the whole internet literally, I hope that I might get help here. I am trying to accomplish integration of Ubuntu 12.04 servers into a Windows 2012 Active Directory with NFS and single sign-on. setup: srv02 Windows…
6
votes
3 answers

Will kerberos work with CNAMEs if I have the SPN created for the A record as well?

We are currently setting up a SQL 2012 environment and it will be used for storing data that will be accessed by SSRS in sharepoint integrated mode. We will be using Kerberos for authentication. Something we would like to be able to do is use cnames…
AnthonyM
6
votes
1 answer

Linux Client Active Directory Authentication stops working when failover

I have an issue with Linux clients trying to AD authentication by targeting a DNS name (corp.example.com). I have 2 Domain Controller servers DC1(10.0.0.3/24), DC2(10.1.0.3/24) both domain controllers for corp.example.com. Before starting this each…
Jim
6
votes
5 answers

error reading keytab file krb5.keytab

I've noticed these kerberos keytab error messages on both SLES 11.2 and CentOS 6.3: sshd[31442]: pam_krb5[31442]: error reading keytab 'FILE: / etc/ krb5. keytab' /etc/krb5.keytab does not exist on our hosts, and from what I understand of the…
Banjer
6
votes
0 answers

What breaks in a Windows domain if a member has a high time skew?

It's taken for granted by most IT people that in a Windows domain, if a member server's clock is off by more than 5 minutes (or however many minutes you've configured it for) from that of its domain controller - logons and authentications will…
Ryan Ries