Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation is likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used paltforms.

RFC Kerberos - http://www.faqs.org/rfcs/rfc1510.html
Kerberos Blogs by AD support team at Microsoft - http://blogs.technet.com/b/askds/archive/tags/Kerberos/
Kerberos blogs by Open Specification team at Microsoft - http://blogs.msdn.com/b/openspecification/archive/tags/Kerberos/
Ubuntu Linux post on Kerberos - https://help.ubuntu.com/community/Kerberos

1136 questions

votes

1 answer

Autofs + NFS + LDAP sudo problems

I have a setup very similar to Dan Bishop's Ubuntu 12.04 Ultimate Server Guide. I actually created a series of ansible scripts to automate this process on my github. So I have ldap+kerberos set up on a machine that client boxes are connecting to.…

asked Aug 12 '13 at 18:25

jgrowl

votes

1 answer

kerberos: kadmin interface not working

We are using kerberos for authentication with pam module. We need to reinstall kerberos on another machine. So , I took kerberos dump and planned to restore using it. kdb5_util -sf stash load kdc.dump After that , I can able to access…

kerberos

asked Jun 26 '13 at 05:55

kannanrbk

votes

1 answer

Kerberos authentication between 2 applications

We work on a server 2003 and server 2008 R2 enviroment. I'm familiar with the basic usage of the Kerberos protocol where the protocol authenticates a client when he tries to use a shared resource (server, folder, printer, etc.). We have three…

authentication kerberos

asked Jun 25 '13 at 19:48

Spivi

votes

1 answer

AD accounts on centos 6.4 not showing up despite successfull wbinfo -u

I have a centos 6.4 box with samba 3.6.9 which I have connected to MS server 2008 R2. That part seems to work fine, since I can see my AD users and groups with wbinfo -u and wbinfo -g. What does not work is using the AD users on the centos box. I…

windows-server-2008-r2 centos6 kerberos winbind

asked Jun 13 '13 at 14:57

Isaac

1,195
3
25
43

votes

1 answer

Kerberos + Ldap Setup not working with ssh

I have a Kerberos 5 + LDAP configuration in the same server. They both work well (I assume). Kerberos works fine when asking for a TGT. The problem comes when I try to login from client1 to client2 via passwordless ssh... It keeps asking me for a…

ssh ldap kerberos single-sign-on

asked May 23 '13 at 20:39

hecstevez

votes

2 answers

Kerberos pre-authentication failed on nfs mount

I have the following nfs export: /home/users 192.168.1.0/24(rw,sec=krb5p,no_subtree_check,nohide,async,anonuid=65534,anongid=65534) When trying to mount that on a client I get: client:/home # mount -t nfs4 -o sec=krb5p server:/home/users…

nfs kerberos pam

asked May 12 '13 at 19:22

d_inevitable

votes

2 answers

Kerberos with active directory from linux

I have windows stations and a linux server - and I would like to perform SSO using Windows-Kerberos (via Active Directory - the same one all users on the windows station use). And so - I have searched many examples and ways of acheving this goal:…

java linux kerberos

asked May 09 '13 at 20:12

user967710

votes

1 answer

NFS + Kerberos: can regular users access mounted directory without Kerberos ticket (kinit)?

I had this issue, which turned out to be caused by lack of Kerberos ticket. So the user can access NFS mount after doing kinit. Is there any way to let users access NFS mounts without a need to acquire Kerberos ticket? Update: Please note that the…

kerberos nfs4

asked Apr 30 '13 at 12:07

Mike

votes

1 answer

NFS4 with Kerberos: DNS not enough, need entries in /etc/hosts (Why?)

I've had some hard time configuring NFS4 with Kerberos last time. Finally I made it but there are few things I do not fully understand yet. One of them is: why DNS resolution of hostnames is not enough? I have 2 machines: nfsserver, nfsclient. Both…

domain-name-system kerberos nfs4

asked Apr 30 '13 at 08:58

Mike

votes

1 answer

How to list Samba 4 shares using server's IP and Kerberos authentication?

I am successfully able to list the Samba 4.0.3 shares by using smbclient -L myhostname -k command. However I am unable to do the same by using smbclient -L 192.168.1.2 -k and I get the session setup failed: NT_STATUS_LOGON_FAILURE error. However…

samba kerberos file-server share

asked Apr 25 '13 at 18:11

KristoZ

votes

1 answer

NFS4 + Kerberos: BAD_ENCRYPTION_TYPE, GSS: Encryption type not permitted, hang on "doing downcall"

I am trying to get NFS4 + Kerberos to work on Debian Squeeze. I have 3 test machines: nfsserver, nfsclient, nfskerberos What I've got is: root@nfsclient:~# mount -v -t nfs4 -o sec=krb5 nfsserver.mydomain.com:/export /import mount.nfs4: timeout set…

nfs kerberos

asked Apr 05 '13 at 10:34

Mike

votes

1 answer

Multihop Kerberos delegation on IIS7 / Windows 2008

So here I am again dealing with probably the number one support question on IIS, SPNs. I am not a novice when it comes to this, having lived the pains of getting SSRS front ends to delegate for SQL and SSAS back-ends in a number of different…

windows-server-2008-r2 iis-7.5 kerberos delegation spn

asked Mar 26 '13 at 23:05

tlum

votes

2 answers

Kerberos authentication for Git server?

I have a Git server, and I want to make it usable by all Kerberos-logged users. eg: if a user has a valid Kerberos ticket, she can start pushing to Git without having to provide any username/password. Is it even possible to do this with Git? All I…

git kerberos single-sign-on

asked Feb 27 '13 at 09:10

Nicolas Raoul

1,314
7
22
43

votes

3 answers

can't login after generating keytab file

I generated a keytab file with the following command: ktpass /out http-web.keytab /mapuser Administrator@my.domain.bar /princ HTTP/localhost:8080@my.domain.bar /pass * However, now I can't seem to login as the Administrator using the same password…

windows-server-2008 kerberos

asked Feb 06 '13 at 15:59

birdy

votes

2 answers

F5 authentication using kerberos keytab

Our network gear use tacplus for authentication and authorization. tac itself authenticates using kerberos. For one of the projects we need automated login to a F5 device using a script. Does anyone know if it is possible for the script to generate…

authentication f5-big-ip kerberos tacacs+

asked Feb 05 '13 at 21:54

vs_sa

Prev 1 2 3

…

75 76 Next