Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation are likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used platforms.

1168 questions
8 votes, 2 answers

Unable to setup Kerberos on Ubuntu 14.04 - krb5kdc: No such file or directory - while initializing database for realm myrealm

I'm attempting to follow the guide on the Ubuntu wiki for installing and setting up Kerberos. I am running Ubuntu 14.04 (LTS) 64-bit. I have set up avahi-daemon in order to provide .local DNS names. I have then run: sudo apt-get install krb5-kdc…
victorhooi
8 votes, 1 answer

Testing NTLM/Kerberos against a public URL

I am creating a Java open source package that makes it easy to connect with HttpClient 3.1 to resources that are protected by NTLM v1/v2 and Kerberos. I need to test this tool against real world servers. Are there any publicly available endpoints…
dov.amir
8 votes, 1 answer

Windows 7 NFS Client Using Kerberos and Linux KDC

I am trying to configure a Windows 7 Enterprise client to mount an NFSv4 share on a Linux NFS server using Kerberos and a Linux KDC. The setup is: IPA Server (OS: Scientific Linux 6.4, Pkg: ipa-server) NFS Server (OS: Scientific Linux 6.4, Pkg:…
Mike
8 votes, 5 answers

Change local password as root after configuring for MS-AD Kerberos+LDAP

I have followed this excellent post to configure Kerberos + LDAP: http://koo.fi/blog/2013/01/06/ubuntu-12-04-active-directory-authentication/ However, there are some local users used for services. When I try to change the password for one of those,…
Daniel C. Lopez
8 votes, 1 answer

How exactly does the HOST/machine SPN work?

Normally when you set up Kerberos for IIS, you would do something like setspn -A HTTP/machine some_account. When IIS 7 is installed, it registers the SPN "HOST/machine" for its kernel-mode authentication. Why does this work? Is "HOST" some kind…
bmm6o
8 votes, 1 answer

"setspn -s" vs. "setspn -a"

According to the Setspn Overview, it's discouraged to use Setspn -A to add an SPN record and it's suggested to use Setspn -S instead. It's said that Setspn -S checks if SPN already exists before adding a new one. Setspn –A does not perform this…
bahrep
8 votes, 2 answers

SSH Kerberos authentication fails with "Wrong principal in request/Got no client credentials" on debian squeeze

I have a Debian squeeze host where I can't log in with Kerberos without a password prompt. An identically configured Ubuntu 12.04 host works fine and can log in without getting a password prompt. After a kinit, klist gives: Ticket cache:…
b0ti
8 votes, 3 answers

Permissions are not taking effect with Kerberised NFSv4 on FreeBSD

I'm currently trying to set up an NFSv4 server on FreeBSD. I have extensive experience with doing this on other Unices (Solaris and Linux), but I'm fairly new to FreeBSD. My goal is to achieve the following: Files served from the FreeBSD system The…
Elias Mårtenson
8 votes, 2 answers

Risks of Kerberos Delegation

I've been spending hours upon hours trying to learn and understand Windows Authentication, Kerberos, SPNs, and Constrained Delegation in IIS 7.5. One thing I just don't get is why it is "risky" to leave delegation enabled (i.e. not disable…
8 votes, 1 answer

NFS (with Kerberos) mount failing due to "Server not found in Kerberos database" error

When running: sudo mount -t nfs4 -o sec=krb5 sol.domain.com:/ /mnt I get this error on the client: mount.nfs4: access denied by server while mounting sol.domain.com:/ And on the server syslogs I read UNKNOWN_SERVER: authtime 0, …
Kendall Hopkins
8 votes, 3 answers

Can Windows integrate with LDAP?

Given an existing LDAP server used for authentication, can Windows desktops authenticate users against LDAP or perhaps Kerberos?
jldugger
8 votes, 2 answers

Is there a way to get Kerberos credentials to delegate twice? Why not?

All my nerdly life, I've dealt with this limitation of Windows Domains Login - console Integrated auth to something (usually web app) My credentials can't move to another server (e.g. database or file system). They have to trust machine 2. Is…
Precipitous
8 votes, 1 answer

How to Change the Kerberos Default Ticket Lifetime

Our KDC servers are running either Ubuntu Dapper (2.6.15-28) or Hardy (2.6.24-19). The Kerberos software is the MIT implementation of Kerberos 5. By default, a Kerberos ticket lasts for 10 hours. However, we'd like to increase it a bit (e.g. 14…
user40497
8 votes, 3 answers

Virus that tries to brute force attack Active Directory users (in alphabetical order)?

Users started complaining about slow network speed so I fired up Wireshark. Did some checking and found many PCs sending packets similar to the following (screenshot): I blurred out the text for the username, computer name and domain name (since it…
8 votes, 1 answer

IIS7 Windows Authentication Providers

Does anyone know what the different Windows authentication providers for IIS7 mean? There are 3 available providers: NTLM, Negotiate, Negotiate:Kerberos. NTLM is pretty obvious, I think it's NTLM, and Negotiate, is that Kerberos? If so, then what is…
Satish