Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation is likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used paltforms.

RFC Kerberos - http://www.faqs.org/rfcs/rfc1510.html
Kerberos Blogs by AD support team at Microsoft - http://blogs.technet.com/b/askds/archive/tags/Kerberos/
Kerberos blogs by Open Specification team at Microsoft - http://blogs.msdn.com/b/openspecification/archive/tags/Kerberos/
Ubuntu Linux post on Kerberos - https://help.ubuntu.com/community/Kerberos

1136 questions

votes

0 answers

LDAP Kerberos authentication on linux

I have configured my RHEL linux machine to be authenticated against active directory without being joining it to domain, using nss-pam-ldapd pam_ldap samba-winbind openldap-devel krb5-devel. I am able to login on linux machines using active…

linux openldap kerberos

asked Jul 31 '15 at 08:07

Subodh

votes

0 answers

kerberos cross realm authentication

I want to do setup for kerberos cross realm service authentication using active directory. My question is that should I create a different domain (I read somewhere that realm is a domain) or should I create a different domain controller in same…

active-directory domain-controller kerberos

asked Jul 16 '15 at 11:00

prateek goyal

votes

2 answers

How can I audit Ip adresses of users logging into system?

I have a group of servers which use Kerberos for authentication. We distribute keytabs to users but want to ensure that a user never pass their keytab to someone else. Essentially we need to audit the Ip's of users logging into our system. If the Ip…

security redhat ip kerberos audit

asked Jun 24 '15 at 15:29

Josh Wyatt

votes

1 answer

kdm and ssh detecting different fully qualified domain name when using kerberos authentication

I'm attempting to setup Kerberos login support (Windows AD domain providing the kerberos) for Kubuntu 12.04 Linux workstations at the company I'm at. It's almost completely working but I can't get kerberos working both for machine logins (via kdm)…

linux active-directory ssh kerberos gssapi

asked Jun 18 '15 at 05:53

Jason Alavaliant

votes

1 answer

Does "Kerberised" NFSv4 securely protect against a malicious client spoofing the user

I have read conflicting statements about whether shares exported via NFSv4 with sec=krb5 are cryptographically protected against a malicious client mounting the share and then spoofing the user to gain access to unauthorised files. For example, here…

security kerberos file-permissions nfs4 gssapi

asked Jun 15 '15 at 13:45

Terry Burton

votes

2 answers

Apache 2.2 mod_auth_kerb SSO stopped working

I'm all out of ideas why has it just stopped working, here's what I checked: httpd-error.log: [Thu Jun 11 18:04:21 2015] [debug] src/mod_auth_kerb.c(1758): [client 10.105.5.131] kerb_authenticate_user entered with user (NULL) and auth_type…

apache-2.2 kerberos single-sign-on mod-auth-kerb

asked Jun 11 '15 at 15:44

pupkinsen

votes

2 answers

Kerberos PuTTY from non-domain machine via VPN

Feels like I'm missing something fundamental here... Have a non-domain machine (personal machine off site) from which I VPN into our work network. Once connected, from 'klist', it appears my VPN client (Juniper) has negotiated a Kerberos ticket…

windows kerberos putty

asked Jun 04 '15 at 13:37

rayvd

votes

1 answer

Kerberos SSO virtualhost different domain

I have a running centos6.6 server who authenticates against a windows 2008 AD with realm EXAMPLE.LOCAL. I have successfully configured an apache webserver for authentication through kerberos keytab file. The name of the server is…

apache-2.2 centos virtualhost kerberos single-sign-on

asked May 26 '15 at 12:35

Andries

votes

0 answers

Kerberos constrained delegation

There is a small problem with the setting Kerberos constrained delegation in Active Directory. The scheme works as follows: 1. Client workstation. 2. Web server with Windows 2008 Ent installed IIS (iis.domain.lab). Is a front-end server, the W3SVC…

iis kerberos delegation

asked May 25 '15 at 13:29

cortes_

votes

1 answer

SCOM: SQL Server cannot authenticate using Kerberos

For past few months, we are getting these kind of alert in SCOM stating SQL Server cannot authenticate using Kerberos. One thing to note here is that this alert is coming from only one server not other server which were built at the same time. Also…

sql-server kerberos scom

asked May 22 '15 at 00:44

user2068804

votes

1 answer

Samba4 and Kerberos configuration on a dedicated server

I try to set up Samba 4 on a dedicated server from kimsufi.com but I have difficulties configuring Kerberos and Samba4. I am very confused about IP, Realm, Domain, NetBIOS, DNS etc. in Kerberos and Samba. All tutorials I found by Google seem to…

kerberos dedicated-server samba4

asked May 13 '15 at 15:34

alf-on

votes

1 answer

unable to change environment variable using setenv()

I have an a member server with a windows PDC with active directory. Security=ads. I am trying to set an environment variable(credential cache) using C: setenv("CCACHE","cache_name",1); However, when i do a getenv("CCACHE"), its still showing the…

windows networking active-directory samba kerberos

asked May 07 '15 at 09:40

xerocool

votes

1 answer

Kerberos constrained delegation using Citrix NetScaler

I'm currently evaluating Citrix NetScaler VPX (NS10.5 56.12.nc) as a potential replacement for Microsoft TMG server. Kerberos Constrained Delegation is at the top of my list of mandatory features. Example: A web application is published via TMG.…

kerberos netscaler

asked Apr 24 '15 at 07:25

bitfrickler

votes

2 answers

Integrate Squid Kerberos auth and Squidguard ldapusersearch into AD

I'm having trouble with Squid Kerberos auth and the Squidguard ldapusersearch that I use to apply ACLs by Active Directory groups membership. The problem is : Squid and Squidguard see my user as : user@domain.local so the '%s' variable of…

linux ldap squid kerberos

asked Apr 13 '15 at 08:27

Timothée Christin

votes

1 answer

AWS EC2 Server can not access a fileshare over a VPC VPN using the machine name

I have a windows server on EC2 that is connected to my office via VPN. I'm having an issue connecting to file shares over the VPN. I'm able to connect if I use the IP address for example if I use \192.168.1.201 I can connect and transfer files…

windows amazon-ec2 kerberos sonicwall amazon-vpc

asked Mar 23 '15 at 21:44

pehaada

Prev 1 2 3

…

75 76 Next