Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation is likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used paltforms.

1136 questions
0
votes
2 answers

Best Practices: Unix User Management with LDAP + Kerberos?

I'm running a small LAN for 5 users with some basic services, e.g., NFSv4 mounts and SOGo groupware. Because it seemed to be a good and easy to implement idea, authentication is a combination of Kerberos (with LDAP backend) and authoritative user…
Technaton
  • 101
  • 2
0
votes
1 answer

Permission denied errors after logging back into a ssh-ed tmux/screen session

I'm running some very long jobs on a machine that I'm SSH'd in. However, sometimes after a few hours in the session, I no longer have permissions to run simple commands that I previously could. That is, when I type commands as simple as cd .. or ls…
tchainzzz
  • 101
  • 3
0
votes
1 answer

Active Directory vs Active Directory Trust

We have 2 forests/domains : ad.local (not managed by us) and ad2.local (managed by us) We setup a two way trust between them. Now let's say I have an app on a server joined to ad2.local : app.ad2.local This app accepts LDAP or Kerberos (with…
preguenga
  • 1
0
votes
1 answer

MIT Kerberos renew lifetime does not work

I am trying to figure out why my tickets only get a renewable life of 0 instead of 7 days as I specified. I tried setting both the max_renewable_life (as indicated in another question) as well as renew_lifetime to 7 days (7d and 856800) in my…
comfix
  • 11
  • 3
0
votes
0 answers

Is it possible to force re-authenticate kerberos users?

Is there a way to force reauthenticate users with a valid kerberos session key? In my case there are several users who dont authenticate against the KDC but take over existing sessions from other already authenticated users. The users authenticate…
G4schberle
  • 1
  • 3
0
votes
1 answer

FSTAB CIFS kerberos

How can I force fstab to mount CIFS with machine account kerberos? From logs it shows that cifs.upcall goes to: cifs.upcall: get_cachename_from_process_env: cachename = FILE:/tmp/krb5cc and not on /etc/krb5.keytab which has the computer account…
Verboy
  • 1
  • 1
0
votes
1 answer

Unknown Kerberos authentication pattern on SQL Servers

One of our admins noticed a strange pattern of login messages in the Windows event log on one of our SQL Servers, and after some investigation, I've found that it the same pattern can be found on most (but not all) of our SQL Servers. I cannot seem…
Ed Leighton-Dick
  • 1,094
  • 1
  • 7
  • 12
0
votes
1 answer

Failure to access AD in Linux EC2

I have a EC2 instance called EC2-B and I configured it to use AD Connector. This is instance is in the VPC B while the AD Connector EC2 is in VPC A. I have another instance EC2-A in the VPC-A and did the configuration as in AWS manual…
Raul
  • 1
-1
votes
2 answers

Client can't authenticate to IIS site using Kerberos

We have several IIS hosted sites using windows authentication. Some of our users can logon in one of the sites, but getting never-ending authentication challenge in another (the second one is used in an iframe of first). We found out that users that…
eleven_zwolf
  • 1
  • 1
  • 3
-1
votes
2 answers

RedHat Linux : Configure both ldap and Kerberos

Our RHEL servers are setup with LDAP and they work just fine. Users are able to login using their credentials just fine. There is one application that needs kerberos. We are trying to get both LDAP and Kerberos to work but it simply does not work.…
souser
  • 187
  • 1
  • 3
  • 8
-1
votes
1 answer

Squid 3.5.20 doesn't authentificate via Active Directory and Kerberos

I make transparent proxy via AD and Kerberos V5. CentOS joined to Windows domain with realm: [root@vs-otr-squid02 ~]# realm list domain.ru type: kerberos realm-name: DOMAIN.RU domain-name: domain.ru configured: kerberos-member …
Ruslan
  • 1
  • 1
  • 5
-1
votes
2 answers

When I log in to a Windows member machine, how does it authenticate me?

When I log in to a Windows member server in an Windows AD domain, does it use LDAP or Kerberos to authenticate me? I have always been under the impression that this was done with LDAP, but wondering if it is actually Kerberos. Is it by default,…
user402916
-1
votes
1 answer

How kerberos authentication works?

I've tried to figure out how kerberos authentication works, the information which I found was always missing something as if a part of it was taken for granted. I am aware of the process in general but missing some details. Getting TGT: First a…
Tomer Schweid
  • 98
  • 1
  • 1
  • 6
-1
votes
1 answer

Samba file server as domain member: error when joining domain

I would like to set up samba 4 to share a local directory, so that domain users are allowed to mount the directory. I don't want domain users to be able to log in the linux machine, they should only be able to use the shared directory. There are 3…
user368507
  • 109
  • 5
-1
votes
1 answer

keytab file between Windows 2003 server Windows 2008 R2

My organization currently is migrating Windows 2003 server domain controllers to Windows 2008. The process may finish in next half year or so. Meanwhile we also want our Oracle database (on AIX 7.1) to integrate AD by using Kerberos protocol. I…
hardywang
  • 113
  • 6
1 2 3
75
76