Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation is likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used paltforms.

RFC Kerberos - http://www.faqs.org/rfcs/rfc1510.html
Kerberos Blogs by AD support team at Microsoft - http://blogs.technet.com/b/askds/archive/tags/Kerberos/
Kerberos blogs by Open Specification team at Microsoft - http://blogs.msdn.com/b/openspecification/archive/tags/Kerberos/
Ubuntu Linux post on Kerberos - https://help.ubuntu.com/community/Kerberos

1136 questions

votes

1 answer

Company Wide Windows Auth with Chrome and Firefox

I know that we can allow Firefox to allow passing through of Windows credentials by editing the following about:config settings --If using Kerberos-- network.negotiate-auth.trusted-uris network.negotiate-auth.delegation-uris --If using…

asked Apr 29 '13 at 21:54

Cavyn VonDeylen

votes

0 answers

Kerberos NFS4 permission denied

** Edit: ** I am not using Sabayon Linux anymore and this problem didn't occur on other distributions. I suggest to close this question. Update: I realized that because of bad hosts file, both machines resolves their local names to 127.0.0.1 instead…

linux nfs kerberos

asked Mar 30 '13 at 18:21

reish

votes

1 answer

Can't get postgres and kerberos (gss) working together

I am trying to get postgres and kerberos, via GSSAPI, working together. Having trouble at this point. It does not help that I am really a newbie for both technologies. I have both postgres and kerberos working as expected separately, and am using…

postgresql kerberos gssapi

asked Jan 29 '13 at 14:07

Wanderer

votes

2 answers

"KDC has no support for encryption type" when setting up cross-realm trust between MIT Kerberos and Active Directory

I am currently setting up an environment where I have a set of Solaris and Linux machines, using a dedicated Krberos 5 realm (MIT, on Solaris 11, krb5-config --version returns: Solaris Kerberos (based on MIT Kerberos 5 release 1.6.3)). We also have…

active-directory kerberos nfs4 pam-krb

asked Oct 24 '12 at 06:51

Elias Mårtenson

votes

1 answer

Does an NFS export with sec=krb5 require that the parent directory also be exported with sec=krb5?

I copied somebody's NFS server/client setup verbatim and am having trouble making sense of what's going on with it. This is the /etc/exports: /export *(rw,fsid=0,crossmnt,insecure,async,no_subtree_check,sec=krb5p:krb5i:krb5) /export/home…

linux nfs kerberos autofs

asked May 20 '12 at 01:01

BrianTheLion

votes

1 answer

Troubles with sssd and Active Directory Integration

I have Debian Squeeze and sssd installed. When I try to login to server by user 'alexwinner' by ssh I see in the log: (Fri May 11 18:56:03 2012) [[sssd[krb5_child[26281]]]] [get_and_save_tgt] (1): 523: [-1765328360][Preauthentication failed] But…

linux active-directory ldap kerberos sssd

asked May 11 '12 at 15:13

Alexey Malov

votes

1 answer

Google Chrome and kerberos authentication against Apache

I've managed to get kerberos authentication to work now with Apache and Likewise Open but so far, Google Chrome doesn't seem to play fair. Unless I start it with chrome.exe --auth-server-whitelist="*company.com" it does only pop-up a login window…

apache-2.2 authentication kerberos google-chrome

asked Dec 13 '11 at 09:01

Lars

votes

3 answers

mount.nfs: access denied by server while mounting (Kerberos authentication)

There's plenty of references to this error on Goggle, and even a question here with the same title, but it seems that "access denied by server while mounting" is a catch-all error. I've tried suggestions that others have used to fix this problem,…

ubuntu nfs kerberos

asked Aug 25 '11 at 06:58

Nick

4,433
29
67
95

votes

4 answers

Login using Active Directory in Linux using Kerberos 5

I have a problem with setting up auth for users on Linux (Fedora Core 15 to be exact) using Active Directory on Windows 2008 Server with installed support for UNIX systems. I've successfully setup Kerberos, tested using kinit -p and klist to…

linux active-directory ldap kerberos nis

asked Jun 11 '11 at 20:53

Migol

votes

3 answers

Double Hop Window Authentication

I've got a problem getting Windows Authentication (Kerberos) to work when passing credentials from the user, to IIS then from IIS to SQL. I have setup SPN's for SQL, and set the IIS server account up to allow delegation. If I set the IIS computer…

windows-server-2008 sql-server iis kerberos

asked Oct 22 '10 at 15:41

Sam Cogan

38,158
6
77
113

votes

4 answers

Authenticating Windows 7 against MIT Kerberos 5

I've been wracking my brains trying to get Windows 7 authenticating against a MIT Kerberos 5 Realm (which is running on an Arch Linux server). I've done the following on the server (aka dc1): Installed and configured a NTP time server Installed and…

security windows-7 authentication kerberos windows

asked Apr 06 '10 at 18:20

tommed

votes

1 answer

Apache mod_auth_kerb asking 2 authentication

I've configured Apache to use mod_auth_kerberos. So far everything is working nicely for client thats connected to Active Directory and have their browser to NTLM enabled. When clients are not in the domain or the browser configured not to…

apache-2.2 authentication kerberos ntlm

asked Jan 07 '10 at 00:45

Rianto Wahyudi

votes

2 answers

Exchange 2016 and Sever 2016 DCs: Unknown KDC Encryption type

Team, Exchange environment is all 2016, no mix. Parent and child domains exist, but the functional level of each domain and forest is 2012R2. All domain controllers have been 2012R2 until recently. The AD team (different from me) have introduced…

exchange windows-server-2016 kerberos exchange-2016

asked Jan 02 '19 at 04:20

Joseph

votes

0 answers

How does the Linux NFS server implementation of setclientid work?

Does anyone understand the NFS protocol (Version 4) or the Linux NFS server implementation of it well enough to explain how setclientid negotiates authentication? Background: I have a CentOS 7 server that runs an NFS4 server with Kerberos…

centos7 kerberos nfs4

asked Nov 09 '18 at 16:42

Tobias

votes

1 answer

Kerberos MaxTokenSize

I had a user who has about 900 groups (some of them were nested so I suspect there was about 1000 groups) and he couldn't log in returning error stating that there are too much IDs. I have run a script to count his token size and it turned out to be…

active-directory authentication kerberos

asked Sep 30 '17 at 09:44

varrimatrass

Prev 1 2 3

…

75 76 Next