Questions tagged [kerberos]

Kerberos is a computer network authentication protocol, which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed primarily at a client–server model, and it provides mutual authentication — both the user and the server verify each other's identity.

As many vendors have their own implementation of Kerberos, configuration details are likely to vary between implementations. Here are some links that may help those troubleshooting Kerberos on commonly used platforms.

1168 questions
5 votes, 0 answers

Why is it common in the startup world for ssh keys to be used for authentication instead of kerberos?

My first few jobs as a linux admin had me working under some very senior admins. In all of these cases kerberos was set up for users to request a security token and gain access to company servers for a set amount of time. Now as I have started…
5 votes, 2 answers

Privileges when doing sudo to another domain user

Suppose I have a corporate domain mydomain using MS Active Directory. In the domain I have the users myuser and youruser. Now, on one specific Ubuntu machine mymachine, myuser has sudo rights, and does sudo su youruser (or sudo -u youruser sh).…
JHH
5 votes, 0 answers

Samba authentication and LDAP

I have an OpenLDAP server that I use for authentication and authorization for various services. All users are of object type inetOrgPerson and my groups are groupOfNames. Now I want to configure Samba to authenticate against LDAP as well (with group…
Chris
5 votes, 3 answers

Check Primary Authentication Protocol for Active Directory (NTLM or Kerberos?)

How can I check, from a client machine (in Global Group)(also is local admin), whether the domain controller is authenticating my login request to the domain using NTLM or Kerberos? I know that Kerberos is enabled by default, but the domain Admin…
Andrew Watson
5 votes, 2 answers

March 10th Patch Tuesday appears to cause SQL Server client connection problems

Since applying the full set of patches on a Win 7.1 Pro desktop and a Windows 2012 R2 Datacenter Azure server running SQL 2014, SQL Management Studio (2008 and 2014 versions) won't connect to the SQL 2014 Azure server. The client connection attempt…
Spike
5 votes, 3 answers

Alternatives to Kerberos for passwordless server access

I have a bunch of Linux servers and three Windows servers 2008 R2. I would need a solution which would enable passwordless SSH login from each of those servers to all others. I could do this by generating keys on all machines and distribute them to…
Reb
5 votes, 2 answers

Why does a SPN on a different host cause a server to lose its trust? How should I fix it?

I have a brand new server image that loses its trust as soon as it's joined to the domain. I suspect it's because of the duplicate SPN I discovered using the LDAP version of this Powershell script #Set Search cls $search =…
makerofthings7
5 votes, 3 answers

In a Windows PKI, what is a Workstation Authentication CA Template used for? What happens if it expires?

Many workstations have an expiring computer certificate that was issued using the Workstation Authentication CA template. The CA of this template expires in 2 days. I've deployed a new CA, with an extended date, and have successfully enrolled many…
makerofthings7
5 votes, 2 answers

IIS 7.5 web application failing with NT Authority\Anonymous Logon

I am finding various google results, but none seem to fix my problem. I am setting up a new WINDOWS 2008 R2 box at work that is to communicate with an existing SQL 2012 box via web tools running in IIS 7.5 within our intranet. We are to use windows…
5 votes, 1 answer

Cross-Realm trust verify failed with 'netdom' command

Question 1: I have my Active Directory on a Windows Server 2012 machine; its domain name is AD-DEMO.LOCAL. The Kerberos admin server is on another Ubuntu machine; its realm is KERBEROS.COM. Added trust in 'Active Directory Domains and…
5 votes, 7 answers

Kerberos Configuration Manager for SQL Server error "unable to access user principal information from the system"

When I launch the Kerberos Configuration Manager for SQL Server and try to connect to the local machine it's on, I am getting the error "Kerberos Configuration Manager for SQL Server error "unable to access user principal information from the…
Geoff Dawdy
5 votes, 1 answer

Does IIS NTLM/Kerberos authentication still work with an offline domain controller?

We have multiple IIS instances spread across remote regional branches. Each IIS instance (v.7.5) is running the same application and authenticates its users with Integrated Authentication (NTLM in the providers list). A few branches get frequently…
Starbuck3000
5 votes, 4 answers

How to re-join an AD2003 domain with Samba after deleting the machine account?

During some troubleshooting I deleted the machine account for a Linux server running samba from our AD 2003 domain. We are using Kerberos for authentication, and after I deleted the machine account I tried to join the domain again using net ads join…
Guss
5 votes, 3 answers

Kerberos - Adding a SPN to a Domain User

When adding a new SPN into the Kerberos domain, you have the option of mapping the SPN to a user. In general, I join the domain through Integrated Windows Authentication, and this creates a new computer account for the service, but now, I would like…
5 votes, 2 answers

If an IIS hosted site is secured using Kerberos, can Linux machines connect to it?

I'm running into a problem configuring my IIS 7.0 website in a test environment with Kerberos. I have a trial version of Windows Server 2008 R2 with AD DS, AD RMS, DHCP, DNS & IIS roles installed. I have gone into the IIS security settings for the…