Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation is likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used paltforms.

1136 questions
0
votes
0 answers

Error code 0x90090331 - Explicit EAP Failure

Can anyone direct me to a reason for an Explicit EAP Failure with Error Code 0x90090331? Evidently, the error code is not on the internet. I have been troubleshooting some enterprise wireless issues with Intel Wifi cards and Meru Virtual Cell APs…
Ghostpsalm
  • 111
  • 4
0
votes
0 answers

asp classic application inside an ASP.NET application - Windows Auth not working Kerberos and Edge browser

I have an asp classic application inside an ASP.NET application. The default.aspx page reads the Windows login of the user and looks them up in a database table. Then it puts the credentials in a cookie and passes it to the menu page of the asp…
Mij
  • 1
0
votes
0 answers

Proxy authentication in cyrus with SASL and kerberos

I am trying to enable proxy authentication in cyrus + SASL, i.e authenticating as the admin user cyrus but with the access rights of any other user, e.g. peter (as described here). I am trying with imtest -a cyrus -u peter -m plain -t ""…
Erich
  • 101
  • 1
0
votes
1 answer

Cannot obtain credentials for computer account - client not found in kerberos database

I have successfully joined an ubuntu machine (Ubuntu 20.04 LTS) to an Active Directory. Therefore, I can log in with AD-Accounts, obtain and renew the ticket grantin ticket for the user, and access network shares with Kerberos…
Ronny
  • 3
  • 2
0
votes
1 answer

How to have Kerberos tickets for services to access NFS share?

I want to externalize my servers storage and to import it via NFS from the storage server. I want to use NFSv4 with Kerberos for security and for not having to match UID/GID between servers. So I configured everything and mounting works as well…
Robome
  • 1
0
votes
1 answer

Kerberos credentials not renewed on ipa ubuntu client

When I use ssh to login to my freeipa client, I get Kerberos credentials (klist). However, after they expire, I no longer get the credentials (klist empty). This results with no home directory as the user does not have permissions for the nfs. I can…
YuvGM
  • 153
  • 4
0
votes
1 answer

KDC has no support for encryption type while authentication to OpenLDAP

I'm running a Kerberos / LDAP authentication server for many years. Kerberos data is stored inside LDAP. Now, I have a second site and want to mirror the server to the new site. This basically works, but there is a strange side effect. Each server…
Lars Hanke
  • 281
  • 2
  • 15
0
votes
0 answers

Kerberos is broken domain wide when an SPN is set on the server

I'm trying to investigate a problem we've had for the last 2 years. I am a developer and have familiarity with Windows Server /Active Directory /GPO... but I am not in charge of the network setup of the servers, but for the last 2 years our network…
Eric
  • 101
  • 1
0
votes
1 answer

basic understandig about kerberos sso in apache

I'm trying to configure kerberos sso in apache at the moment. On the test server the website sub.internal.local workes quite well in reference to the kerb sso. When I try to adopt the config to another apache server, which is opend via…
horst
  • 1
  • 1
0
votes
1 answer

Kerberos with Apache not working

I'm currently trying to configure Kerberos on our Apache and unfortunately I can't get any further. The website (Typo3) on the apache is accessed internally and externally with sub.domain.com The local domain is intern.local I created the keytab…
horst
  • 1
  • 1
0
votes
1 answer

Can kerberos admin-server be on different machine than KDC?

I'm currently learning about Kerberos, and there's something I don't quite understand: Seemingly, the admin-server: kadmind - doesn't HAVE to run on the same machine as of the KDC. But that sounds weird - since kadmind does changes to the database…
YoavKlein
  • 111
  • 2
0
votes
1 answer

OpenCms: Kerberos SSO authentication with httpd+Tomcat

I have a standalone httpd+Tomcat 8.5.65 installation on OpenJDK 11 with OpenCms 11.0.2 for my client's internal website. They have a LDAP network and they're requesting the automated logon using Kerberos (krb5). We configured SPNego and it works on…
user3804769
  • 101
  • 1
0
votes
2 answers

Putting .k5login credentials in ldap with freeipa

On the systems I administer, in addition to human user accounts, we have a number of accounts associated with roles, software and specific data. By using a .k5login file in home directories, it is possible to use ssh to connect to a different…
okapi
  • 140
  • 4
0
votes
0 answers

Kerberos Works If Previously Not Pre-Authorized

I'm moving an application from WebLogic to JBoss EAP 6.4 and I almost have it working. The issue is that I can only get Kerberos authentication to work if I play with the isInitiator property in my standalone-full-ha.xml for the spnego-server. If I…
Jamie Mellway
  • 3
  • 2
0
votes
0 answers

Rekerberize fails with: Could not retrieve auth record

We use Apple Open Directory (which is openLDAP actually), and we are experiencing a problem that for some users, user authentication fails with ldap_bind: Insufficient access (50). Attempting to rekerberize, as recommended on…
not2savvy
  • 177
  • 8
1 2 3
75 76