Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation are likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used platforms.

1136 questions
0
votes
0 answers

Obtain krb ticket for another user

I have a system account in my domain (DOM\sys) and it has access to service cifs/server@DOM. I want to obtain a ticket for this service using my own account (DOM\user). In other words I need sudo-like mechanism for kerberos - to obtain sys'es ticket…
joozek
  • 101
  • 3
0
votes
1 answer

Slave Kerberos behind NAT - kprop fails: Incorrect net address while decoding database size from client

I want to synchronize MIT Kerberos database from master to slave, which is in a different geographical location. kprop synchronization fails because of a NAT. Is there any solution to have kprop working? Except VPN and manual database copy with…
Xdg
  • 327
  • 5
  • 13
0
votes
2 answers

Authentication fails when using ARR to load balance Lync 2013 internal web services

I'm using Application Request Routing 3.0 on Windows Server 2012 R2 to load balance the internal web services on a Lync 2013 front-end pool; I'm not using it to reverse proxy the external web services (there is a separate reverse proxy for that),…
Massimo
  • 68,714
  • 56
  • 196
  • 319
0
votes
1 answer

Client not requesting Kerberos authentication

My client is not requesting Kerberos tickets, but does when using fiddler. I was then advised not to use fiddler and use Wireshark, using this I can see that the client is sending an NTLM authorization when making the http request. I also enabled…
Noreen
  • 11
  • 2
0
votes
0 answers

Establish FAST encrypted channel between linux client and windows server

I am trying to setup windows server for FAST encrypted channel support to test OTP pre authentication in kerberos. I have already tested on linux machine by deploying KDC using krb5-1.12.1 source code, freeradius server and using keytab of service…
0
votes
2 answers

kadmin cannot list principals "requires list privileges"

I can authenticate fine via kadmin however cannot list principals? [root@server ~]# kadmin -p admin Authenticating as principal admin with password. Password for admin@org.domain.com: kadmin: listprincs get_principals: Operation requires ``list''…
krisdigitx
  • 609
  • 3
  • 18
  • 30
0
votes
1 answer

Setting up Secure Hadoop Cluster - Kerberos security

I setup a HDP 2.2 cluster successfully (1 NM, 3 DNs and 1 client). User accounts to access HDP cluster are created in client and checked these users can submit jobs, by SSH to client node and run sample jobs. In next step I enabled Kerberos…
0
votes
1 answer

[root@pcm-ipa-01 tmp]# klist klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0) freeipa kadmin admin principal not found

I have installed freeipa on centos and after restarting the service seems to have lost authentication for "kadmin" [root@pcm-ipa-01 ~]# kadmin init Authenticating as principal root/admin@MY.DOMAIN T with password. kadmin: Client not found in…
krisdigitx
  • 609
  • 3
  • 18
  • 30
0
votes
2 answers

Windows Integrated Authentication with IIS Farm and subapplications

Assume the following site layout www.contoso.com - runs as CONTOSO\sitePool www.contoso.com/subSite1 - runs as CONTOSO\subPool1 www.contoso.com/subSite2 - runs as CONTOSO\subPool2 The pages should use Kerberos for authentication - so I assigned…
TGlatzer
  • 81
  • 10
0
votes
2 answers

Apache/mod_auth_gss authentication failure

Sorry if this is the wrong stackexchange site for this. Based upon the documentation (for reference I also used this blog post) I have this in httpd.conf: # Increase max size of HTTP request headers so we are sure it can hold any SPNEGO…
Dr.Avalanche
  • 133
  • 1
  • 1
  • 13
0
votes
1 answer

kerberos5 unable to authenticate

We have a Debian file server, configured to serve up samba shares, using winbind and kerberos. This is configured to authenticate against a Windows2003 DC. All worked fine until recently when I did a maintenance update on all packages. Since then,…
wolfgangsz
  • 8,767
  • 3
  • 29
  • 34
0
votes
0 answers

Kerberos Authenticator Encryption Type NULL

So, I've been working on a SSO enabled XMPP application on our network for a couple weeks. I have 95% of the bugs worked out, and everything is running smoothly. The problem is that I have a couple machines that are not connecting, giving me the…
0
votes
0 answers

password ipa idm redhat change itself

I am new to Kerberos and I don't know why the password changes itself. I create another account but the problem persists. After generating a keytab in the IPA client, the password of admin IPA idm redhat changes itself, then I can't access unless a re-initial…
0
votes
1 answer

Is Active Directory alone not enough to secure Hadoop?

I am trying to secure Hadoop environment installed in windows. So basically I started to analyse how to secure a Unix-based hadoop cluster. Have gone through various links related to Kerberos and other Apache Add-ons(Knox/ Rhino/ Sentry).. Yet to…
Dinesh Kumar P
  • 163
  • 1
  • 6
0
votes
1 answer

libnss-ldap getent passwd - AD replies correctly but output shows local /etc/passwd

I am trying to configure libnss-ldap to provide AD authentication to my Linux Debian servers. This is working fine if user exists locally, I want to make it work for Domain users. Here is my /etc/ldap.conf file content: host $AD_IP base…
philippe
  • 2,131
  • 4
  • 30
  • 53