Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation is likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used paltforms.

RFC Kerberos - http://www.faqs.org/rfcs/rfc1510.html
Kerberos Blogs by AD support team at Microsoft - http://blogs.technet.com/b/askds/archive/tags/Kerberos/
Kerberos blogs by Open Specification team at Microsoft - http://blogs.msdn.com/b/openspecification/archive/tags/Kerberos/
Ubuntu Linux post on Kerberos - https://help.ubuntu.com/community/Kerberos

1168 questions

votes

2 answers

Does kerbtray.exe not exist for windows server 2008

I can not find a valid kerbtray.exe for windows server 2008. I can only find for 2000 and 2003. Does it not exist or it is just replaced with something else?

windows-server-2008 kerberos

asked Apr 27 '10 at 15:52

Atle

votes

1 answer

Relative security of SAML vs Kerberos

Does anyone have any info/links on the relative security of SAML vs Kerberos. I believe I grasp the differences between the two, and what they mean for my particular application, but to decide between the two, knowing which is more secure, if…

security kerberos

asked Mar 08 '10 at 14:11

Robert Gowland

votes

1 answer

How to force kerberos to use in memory credential cache?

MIT Kerberos supports multiple types of credential cache to store tickets . For example, if I want to use a persistent keyring per-user in kernel memory I can add the following to krb5.conf. [libdefaults] default_ccache_name =…

linux ssh kerberos single-sign-on mitkerberos

asked Jun 15 '17 at 09:40

rlf

votes

3 answers

MIT Kerberos keeps asking for password when authenticating to OpenSSH

I am trying to setup a simple Kerberos environment which consists of a Kerberos server (KDC), a client machine and a server machine running an OpenSSH daemon. The client is supposed to be authenticated through Kerberos when establishing an SSH…

ubuntu ssh kerberos single-sign-on mitkerberos

asked Jun 14 '17 at 22:58

arne.z

votes

1 answer

Joining AD domain with Windows 10 using smart card

My Windows "domain-centric" company has abruptly decided to make the switch from Windows 7 to Windows 10, and it has become my job to make their prepared image join our domain with our smart card/token based authentication system. This was an issue…

windows-server-2012 domain kerberos windows-10 smartcard

asked Apr 06 '16 at 01:11

Y. Park

votes

3 answers

Do Linux servers using AD/Kerberos for authentication/authorization need computer accounts?

I am confused about whether Linux servers using Active Directory (AD) and Kerberos need computer accounts created? Does the Linux server as a machine need to join an AD domain and in doing so have a computer account to have…

linux active-directory ldap kerberos sssd

asked Feb 20 '16 at 02:23

Padge

votes

2 answers

Kerberos service login only possible for 30 minutes after running ktpass.exe

I'm trying to Kerberize an Apache-server, and allow the created server principal to sign on to the Active Directory. I've followed one of the numerous tutorials available online, and it seems to work fine. I'm on the Linux side of the project, and…

linux active-directory kerberos

asked Aug 21 '15 at 19:33

Saustrup

1,183
1
8
12

votes

1 answer

Seamless SSO with Kerberos, IE, Firefox, LDAP Active Directory

Alias /students /var/www/students KrbServiceName HTTP KrbMethodNegotiate On KrbMethodK5Passwd On KrbSaveCredentials off KrbAuthRealms DOMAIN.LOCAL Krb5KeyTab /etc/httpd/keytab KrbAuthoritative off AuthType…

apache-2.2 php active-directory ldap kerberos

asked Sep 28 '09 at 17:36

Brad

votes

3 answers

OpenSSH two factor authentication combined with Kerberos / public key

I'm trying to implement two-factor authentication for OpenSSH. The environment is Centos 7 (kernel: 3.10.0-229.1.2.el7.x86_64) with OpenSSH_6.6.1p1, OpenSSL 1.0.1e-fips 11 Feb 2013. We have Active Directory (LDAP) + Kerberos deployed. The…

authentication ssh kerberos pam

asked May 04 '15 at 15:02

dgyuri92

votes

1 answer

How can one enable DES-encrypted keys on an Apple KDC?

We are running a KDC on OS X 10.10 Yosemite, to which we have added a service principal for remotely accessing a (legacy) host: $ kadmin add -r host/a.b.c.d@REALM Since the host only supports des-cbc-crc key encryption, we then tried…

mac-osx kerberos mac-osx-server heimdal

asked Dec 15 '14 at 19:07

eggyal

votes

7 answers

kinit: Cannot contact any KDC for realm 'UBUNTU' while getting initial credentials

I am installing Kerberos5-1.12.1 on ubuntu machine with these instructions. Whenever i am trying to do : kinit user1 I am facing an error: kinit: Cannot contact any KDC for realm 'UBUNTU' while getting initial credentials Below are my krb5.conf…

kerberos

asked Jul 16 '14 at 05:29

user3279174

votes

3 answers

nfs4 and kerberos: Wrong principal in request

My client/servers are both running Ubuntu 14.04 and kerberos user authentication works as intended. regular nfs4 mounts also work fine. All machines are running heimdal libraries. I haven't been able to get kerberized nfs4 working though. When…

ubuntu kerberos nfs4 heimdal

asked Jun 22 '14 at 09:41

cebalrai

votes

4 answers

SQL Server running under a domain account cannot register its SPN

I am trying to configure a fresh install of SQL Server to run under a domain account. However, I get intermittent errors when trying to connect to the server using another domain account, and I still see The SQL Server Network Interface library…

active-directory sql-server kerberos

asked Feb 04 '14 at 18:55

jimbobmcgee

2,675
4
27
43

votes

4 answers

kinit & pam_sss: Cannot find KDC for requested realm while getting initial credentials

I have a very similar problem as described in this thread on CentOS 6.3 authenticating against a 2008R2 AD DC. Here is my krb5.conf, I know for a fact that XXXXXXX.LOCAL is the true domain name: [logging] default = FILE:/var/log/krb5libs.log kdc =…

active-directory windows-server-2008-r2 kerberos pam sssd

asked Nov 19 '13 at 00:24

Sauraus

votes

3 answers

Ubuntu 12.04, Windows 2012 Active Directory Integration, Kerberos won't resolve service principals

after having checked the whole internet literally, I hope that I might get help here. I am trying to accomplish integration of ubuntu 12.04 servers into a Windows 2012 active directory with nfs and single sign on. setup: srv02 Windows…

linux ubuntu active-directory windows-server-2012 kerberos

asked Aug 26 '13 at 19:33

Michael

Prev 1 2 3

…

77 78 Next