Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details for each implementation are likely to vary. Here are some links that may help those troubleshooting Kerberos on commonly used platforms.

1168 questions
0 votes, 1 answer

Cannot obtain credentials for computer account - client not found in kerberos database

I have successfully joined an Ubuntu machine (Ubuntu 20.04 LTS) to an Active Directory. Therefore, I can log in with AD-Accounts, obtain and renew the ticket granting ticket for the user, and access network shares with Kerberos…
Ronny
0 votes, 1 answer

How to have Kerberos tickets for services to access NFS share?

I want to externalize my servers storage and to import it via NFS from the storage server. I want to use NFSv4 with Kerberos for security and for not having to match UID/GID between servers. So I configured everything and mounting works as well…
Robome
0 votes, 1 answer

Kerberos credentials not renewed on ipa ubuntu client

When I use ssh to login to my freeipa client, I get Kerberos credentials (klist). However, after they expire, I no longer get the credentials (klist empty). This results with no home directory as the user does not have permissions for the nfs. I can…
YuvGM
0 votes, 1 answer

KDC has no support for encryption type while authentication to OpenLDAP

I have been running a Kerberos / LDAP authentication server for many years. Kerberos data is stored inside LDAP. Now, I have a second site and want to mirror the server to the new site. This basically works, but there is a strange side effect. Each server…
Lars Hanke
0 votes, 1 answer

basic understanding about kerberos sso in apache

I'm trying to configure kerberos sso in apache at the moment. On the test server the website sub.internal.local works quite well in reference to the kerb sso. When I try to adopt the config to another apache server, which is opened via…
horst
0 votes, 2 answers

Kerberos with Apache not working

I'm currently trying to configure Kerberos on our Apache and unfortunately I can't get any further. The website (Typo3) on the Apache is accessed internally and externally with sub.domain.com. The local domain is intern.local. I created the keytab…
horst
0 votes, 1 answer

Can kerberos admin-server be on different machine than KDC?

I'm currently learning about Kerberos, and there's something I don't quite understand: Seemingly, the admin-server, kadmind, doesn't HAVE to run on the same machine as the KDC. But that sounds weird, since kadmind makes changes to the database…
YoavKlein
0 votes, 1 answer

OpenCms: Kerberos SSO authentication with httpd+Tomcat

I have a standalone httpd+Tomcat 8.5.65 installation on OpenJDK 11 with OpenCms 11.0.2 for my client's internal website. They have an LDAP network and they're requesting the automated logon using Kerberos (krb5). We configured SPNego and it works on…
user3804769
0 votes, 2 answers

Putting .k5login credentials in ldap with freeipa

On the systems I administer, in addition to human user accounts, we have a number of accounts associated with roles, software and specific data. By using a .k5login file in home directories, it is possible to use ssh to connect to a different…
okapi
0 votes, 1 answer

Access Denied when mounting Kerberised NFS v4 Share

I want to mount an NFS4 share, but with Kerberos security enabled. This is my setup: Debian Server (dns fqdn: nfsv4test.subnet.example.org); Debian Client (dns fqdn: nfsv4client.subnet.example.org); Windows ADC, acts also as KDC. My realm is…
Standard
0 votes, 0 answers

NFS4 + Kerberos and ownership of mounted share

I have the following setup: NFS4 server on Debian Buster, Kerberos server on the same machine, no LDAP or AD. The hostname is bohr.digital. List of…
QkiZ
0 votes, 1 answer

Ubuntu SSSD Auth Error with child/sub AD Domain

Need help authenticating a Linux (Ubuntu) server that is joined to a child domain. I can see the server name on the Domain Controller and am able to run an authentication test successfully; however, I am not able to log in with my domain account. Seems like a…
AAABL
0 votes, 1 answer

Ubuntu 18.04 multi-AD-User mount share in /home

I have an Ubuntu 18.04 server which is joined to our Windows domain. I have set it up so users can log in to the server using their AD creds, which is working great. I also set up a script that mounts a Windows share automatically at login. sudo mount -t…
TL_Arwen
0 votes, 0 answers

Windows Server 2012 R2, Kerberos: Should the SPN "host/localhost" exist?

I noticed that the eventlog "Microsoft-Windows-Security-Kerberos" is filled with the same entry around every minute (sometimes three times per minute, sometimes only after two or three minutes): Event ID: 100 Description (roughly translated from…
Larsen
0 votes, 2 answers

Set network.auth.use-sspi in Firefox with Group Policy

I have downloaded the Group Policy templates and copied them to the appropriate location. In gpedit.msc I have set: Computer Configuration > Administrative Templates > Mozilla > Firefox > Authentication > SPNEGO to include the required domain names…
Jon