Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation are likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used platforms.

1168 questions
6
votes
3 answers

Will kerberos work with CNAMEs if I have the SPN created for the A record as well?

We are currently setting up a SQL 2012 environment and it will be used for storing data that will be accessed by SSRS in sharepoint integrated mode. We will be using Kerberos for authentication. Something we would like to be able to do is use cnames…
AnthonyM
6
votes
1 answer

Linux Client Active Directory Authentication stops working when failover

I have an issue with Linux clients trying to perform AD authentication by targeting a DNS name (corp.example.com). I have 2 Domain Controller servers DC1(10.0.0.3/24), DC2(10.1.0.3/24) both domain controllers for corp.example.com. Before starting this each…
Jim
6
votes
5 answers

error reading keytab file krb5.keytab

I've noticed these kerberos keytab error messages on both SLES 11.2 and CentOS 6.3: sshd[31442]: pam_krb5[31442]: error reading keytab 'FILE: / etc/ krb5. keytab' /etc/krb5.keytab does not exist on our hosts, and from what I understand of the…
Banjer
6
votes
0 answers

What breaks in a Windows domain if a member has a high time skew?

It's taken for granted by most IT people that in a Windows domain, if a member server's clock is off by more than 5 minutes (or however many minutes you've configured it for) from that of its domain controller - logons and authentications will…
Ryan Ries
6
votes
1 answer

Time taken for authentication to work again after changing system time

One of our domain controllers' clocks drifted way out of sync with the rest of the network (thanks to me forgetting to turn off VMware's time synchronisation), which caused a whole bunch of servers to lose their ability to authenticate, given that…
Mark Henderson
6
votes
2 answers

Help using setspn and ktpass

I'm trying to set up the SPNs and create a keytab file for Tomcat Kerberos SPNEGO single sign-on. The server running tomcat7 is ubuntu-ad1.wad.eng.hytrst.com, the KDC is kerberos.wad.eng.hytrust.com, the domain is WAD.ENG.HYTRUST.COM. I'm using my AD…
Arthur Ulfeldt
6
votes
3 answers

How to set up Apache redirect or custom 401 document on Kerberos SSO login failure

I have a working Kerberos SSO setup; I use Apache and JBoss with mod_jk. Apache is protecting (by Kerberos) the auto-login.htm page with the following configuration: AuthType Kerberos AuthName …
Pierre Pretorius
5
votes
1 answer

How to set OpenSSH and MIT Kerberos (from Windows to Linux server)?

I need to connect through OpenSSH from Windows to a Linux server using a Kerberos ticket. I got the bin file from: https://github.com/NoMoreFood/openssh-portable/releases/tag/v7.9-sspi Through my company login UI, I obtain the ticket using MIT…
dax90
5
votes
1 answer

How to prevent browser password prompts when no Active Directory single-sign-on?

We have single-sign-on working on an internal website, with Apache and mod_auth_kerb ... except users without the relevant browser config are getting password prompts instead of an error page. Users who have tweaked their web browser config to allow…
Smylers
5
votes
1 answer

NFS Share with Kerberos Authentication

I am using Windows Storage Server as a file server and now have the need to set up NFS sharing for Linux client machines. On my test Ubuntu desktop, I installed Kerberos Client and also set up the keytab using the kutil command. The klist command shows…
Lucky Chingi
5
votes
2 answers

How to enable logging for Kerberos on Windows 2012 R2

How do I enable AND view logs for Kerberos requests on Windows server 2012? I have IIS 8.5 Running on Windows server 2012 R2. I want to see success and failure messages related to Kerberos (like you can on other/earlier versions of windows). I've…
cab0
5
votes
1 answer

SSH works with expired Kerberos Password

I have set up SSH single sign-on using Kerberos V5. When a user password has expired, it returns 'Warning: password has expired.' and allows the user to log in! I even made changes in the /etc/pam.d/password-auth such that pam_krb5.so comes above…
5
votes
1 answer

Forward Kerberos Authentication on Ansible

I have an Ansible control machine (host-A) that needs to talk with host-C, a Windows machine that doesn't have local users (it's an Active Directory). host-A doesn't have network access to host-C, but the communication is possible using…
5
votes
1 answer

Windows - Kerberos SSO from outside the domain

I've tried to figure it out myself, but to no avail. Google offers many tutorials but I couldn't find any for the below case. We have an external cooperating employee with VPN access to our LAN and he needs to access some of our web applications.…
sam_pan_mariusz
5
votes
4 answers

Kerberos with OpenLDAP backend: Password Sync HowTo

The basic setup is an OpenLDAP server. The users are provisioned and the passwords are set. Now we decided to add an MIT KDC for being able to use Kerberos. We configured the MIT KDC to utilize the LDAP as a backend for the KDC database. We create…
Condla