Questions tagged [mitkerberos]

MIT implementation of Kerberos (https://web.mit.edu/kerberos/)

Documentation can be found here: https://web.mit.edu/kerberos/krb5-latest/doc/

69 questions
0
votes
1 answer

Using same password for kerberos and openldap

We have a working structure for our hadoop where openldap was used for authentication with below structure, along with ranger and knox. openldap root:- dn: dc=abchadoop,dc=com,dc=za Subtree inside openldap like below:- dn:…
anwaar_hell
  • 101
  • 2
0
votes
1 answer

Why both userPassword and krbPrincipalKey

When configuring MIT Kerberos to use an LDAP database instead of DB2, I was surprised to see that user password hashes are stored in two different fields: userPassword and krbPrincipalKey. Seems the hashing algorithms may be different, but that…
Ryan
  • 420
  • 5
  • 13
0
votes
1 answer

Kerberos Authentication in a Mixed (Windows and LINUX) Environment

I need to map the Service principal name for the user in an Active Directory from Linux environment, where my KDC is located, to Windows. Is there a way to map the AD user from Linux rather than mapping them using setSPN in the Windows environment?…
karthik
  • 101
  • 4
0
votes
1 answer

What is the purpose of the 'keyblock' part of the Kerberos credential cache

The documentation of MIT Kerberos explains here how the credential cache file is formatted. It basically consists of: a header; information about the REALM and the user; a keyblock; information about the expiration of the ticket; authdata; the tickets…
0
votes
1 answer

nslcd and kerberos without Reverse DNS

I am trying to get nslcd to connect with an ldap instance using GSSAPI and kerberos authentication. The problem I'm having is that nslcd keeps using the wrong principal to try and connect with the remote ldap server. My guess is it is using a…
0
votes
1 answer

Kerberos Bootstrap error with ldap

Up until recently I have had no issues deploying Kerberos with an LDAP backend for the database. Recently however I have started to get this error when trying to generate the password stash file which allows the krb5kdc to talk to…
0
votes
0 answers

What changes with Kerberos Authentication in IPv6 when using NAT?

How should Kerberos Authentication be set up with IPv6? If you're using NAT for IPv6 where there is a single public IPv6 address and it translates to the machines inside in the ULA range?
leeand00
  • 4,807
  • 13
  • 64
  • 106
0
votes
1 answer

What changes with Kerberos authentication in IPv6 when everyone has a public IPv6 Address?

How should Kerberos authentication be set up with IPv6? What implications are there when client devices each use a public, globally routable IPv6 IP address? What changes when set up this way instead of using a NAT as was the norm with IPv4?
leeand00
  • 4,807
  • 13
  • 64
  • 106
0
votes
1 answer

psql: duplicate GSS authentication request

What does it mean by saying 'duplicate'? How to troubleshoot this? guest@www:~$ klist Ticket cache: FILE:/tmp/krb5cc_1000 Default principal: user/admin@SOHONET Valid starting Expires Service principal 12/11/2015 07:37:08 …
0
votes
1 answer

Slave Kerberos behind NAT - kprop fails: Incorrect net address while decoding database size from client

I want to synchronize MIT Kerberos database from master to slave, which is in a different geographical location. kprop synchronization fails because of a NAT. Is there any solution to have kprop working? Except VPN and manual database copy with…
Xdg
  • 327
  • 5
  • 13
0
votes
0 answers

Establish FAST encrypted channel between linux client and windows server

I am trying to set up Windows server for FAST encrypted channel support to test OTP pre authentication in kerberos. I have already tested on linux machine by deploying KDC using krb5-1.12.1 source code, freeradius server and using keytab of service…
0
votes
1 answer

Alfresco authentication chain for (MIT) Kerberos only? (no LDAP, no AD)

The Alfresco documentation seems to consider only LDAP or Active Directory cases. In my case, all users are in MIT Kerberos, but I don't use LDAP nor Active Directory. What authentication chain should I use? ldap1:ldap is what the documentation…
Nicolas Raoul
  • 1,314
  • 7
  • 22
  • 43
0
votes
1 answer

OpenSSH + Kerberos SSO problem: Wrong principal in request

Thanks to your help, I am getting closer. Now at this point, I am getting the following message with logging in via ssh: debug1: Unspecified GSS failure. Minor code may provide more information Wrong principal in request From the client side,…
Rilindo
  • 5,058
  • 5
  • 26
  • 46
0
votes
0 answers

NFSv4 with Kerberos takes a long time to mount

I have an NFS server with Kerberos authentication (Debian 11). If I want to mount a share on a client for the first time after a restart, this takes 10-12 seconds. If I then mount another share from the same server, it works almost immediately. NFS…
Nick
  • 1
0
votes
0 answers

MIT Kerberos, kinit authenticate with smartcard and PIN on Windows

I am using MIT Kerberos for Windows and I am able to get a ticket using a password just fine but I would like to use smartcard and pin to get the ticket. I tried the following after installing opensc-pkcs11: kinit.exe -X…
Prab
  • 101
  • 2