Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation are likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used platforms.

1136 questions
0 votes, 1 answer

Get a user's kerberos ticket updated over VPN

We run a Windows 2008 network (2008 DC level). There are many users who work only from home and connect to the network via VPN. Recently group membership was changed for many of these users and the membership isn't making it to their machine. I…
Brettski
0 votes, 1 answer

How to make SSO work on remote machine

I'm fighting with SSO and SSH on Debian Wheezy. Locally it works fine. I'm getting ticket successfully at login. But when I've logged in to the remote machine by SSH without password, klist on the remote machine finds no credentials. I tried to get…
0 votes, 1 answer

Fedora 389 ds sasl mapping issue?

I have a Fedora client that is authenticating to a CentOS server running 389 DS and Kerberos. I can run kinit on the Fedora client successfully and get a ticket, but no matter what I try I just cannot authenticate with Kerberos to…
red888
0 votes, 1 answer

Default username format in Active Directory

Since Windows 2000, NTLM has been replaced with Kerberos. Thus Kerberos uses UPNs to identify the users. UPN is also the preferred usernaming format. Now, why does Windows 7 still display a logged in AD user by default as DOMAIN\USER instead of…
Michael-O
0 votes, 1 answer

Mounting samba share authenticated by kerberos automatically through /etc/fstab

I have a Samba server working and I can access the different shares with the command: smbclient -k //$server.$my_domain.$net/$my_share
I would like the mount to be automatically provided at boot time. The authentication process relies on Kerberos. I…
philippe
0 votes, 1 answer

Configuring "compat" mode for users in Linux OL5x

I wish to enable the "compat" mode for users using the /etc/passwd approach in my Linux OEL5x server. But I am not really sure how "compat" works in Linux. I have made the following configurations: set passwd to compat in /etc/nsswitch.conf and…
Balualways
0 votes, 1 answer

Authentication through mod_auth_kerb should provide website with no user if no TGT provided

Users are authenticated by mod_auth_kerb, which works great. Therefore I need to set Require valid-user. If there is no valid user, Apache fails with a 401 Authorization Required. I would like Apache to deliver the website anyway but without…
loomi
0 votes, 1 answer

Does Windows 7 store domain account and password in SAM

If my machine has Windows 7 and connects to a domain, what happens when the domain controller is unavailable? How exactly do I log in when the domain controller is unavailable? I mean normally it should use Kerberos, and it should fall back to NTLM. Does…
maxisam
0 votes, 1 answer

Kerberos setup on Red Hat

I'm using a Red Hat 5 client to authenticate to a Windows 2003 KDC (or trying to anyway), but when I run kinit vwwebseal@VWXAUTHN.LOCAL I get:
kinit(v5): Cannot find KDC for requested realm while getting initial credentials
When I use nslookup, the…
snibbets
0 votes, 3 answers

apache using mod_auth_kerb always asks for the password twice

(Debian Squeeze) I'm trying to set Apache up to use Kerberos authentication to allow AD users to log in. It is working, but prompts the user twice for a username and password, with the first time being ignored (no matter what is put in). Only…
DrStalker
0 votes, 1 answer

Why does ktutil list show some clients, but kinit says client unknown?

When I run ktutil list, I get a list of several clients. However, when I run kinit for any of the listed clients, I always get client unknown. Any ideas?
0 votes, 1 answer

kadmin.local -q "addprinc" adds REALM unnecessarily

When I run the command kadmin.local -q "addprinc admin/admin" it adds the realm to the end of the user. So admin/admin becomes admin/admin@LBOX.COM. This is what I ran. Any suggestions would be awesome. root@directory:~# kadmin.local -q "addprinc…
David Neudorfer
0 votes, 1 answer

CIFS SPN Missing

My domain does not have an SPN for CIFS/mydomain.com. My DC is throwing ErrorCode: KDC_ERR_S_PRINCIPAL_UNKNOWN. There are a number of Windows workstations on the domain that are trying to use this SPN. setspn -a cifs/corp.com.au…
Ablue
0 votes, 1 answer

Cadaver with Kerberos: 401 Unauthorized

How to make Cadaver connect to a WebDAV server that uses Kerberos authentication? Usually cadaver http://localhost:8080/alfresco/webdav works, I can browse files, but on a network with Kerberos I get: Could not open collection: 401…
Nicolas Raoul
0 votes, 1 answer

SPN's, Kerberos and IIS

I have a DNS alias of MyWebServer, which points to the IP of a Win 2008 R2 box running IIS 7.5. I have the correct HTTP SPNs set up for a domain user which has permissions to delegate to a nominated HTTP webservice using Kerberos. IIS is…