MIT implementation of Kerberos (https://web.mit.edu/kerberos/)
MIT implementation of Kerberos (https://web.mit.edu/kerberos/)
documentation can be found here : https://web.mit.edu/kerberos/krb5-latest/doc/
Questions tagged [mitkerberos]
68 questions
0
votes
1 answer
Ubuntu 21.10 with Samba AD unable to create domain trust account
I am trying to add domain trust account for additional kerberos5 (MIT) domain
in Samba AD DC with command:
net rpc trustdom add
-UAdministrator%
What happens is that the account is created into Samba ldap…
Sami Hulkko
- 1
- 1
0
votes
2 answers
Putting .k5login credentials in ldap with freeipa
On the systems I administer, in addition to human user accounts, we have a number of accounts associated with roles, software and specific data.
By using a .k5login file in home directories, it is possible to use ssh to connect to a different…
okapi
- 140
- 4
0
votes
1 answer
Apple client unable to login with LDAP backend and GSSAPI or PLAIN
I have a OpenLDAP server with Kerberos5 for authentication and on Linux/Unix/Windows environments I am able to login without a problem.
The LDAP server is configured to use GSSAPI or PLAIN that passes trough SASL2 the password to PAM that…
Sami Hulkko
- 1
- 1
0
votes
2 answers
Set network.auth.use-sspi in Firefox with Group Policy
I have downloaded the Group Policy templates and copied them to the appropriate location.
In gpedit.msc I have set:
Computer Configuration > Administrative Templates > Mozilla > Firefox > Authentication > SPNEGO
to include the required domain names…
Jon
- 1
- 2
0
votes
1 answer
Kerberos rdns=false Breaking Connections From Linux Clients to Windows IIS Server
Recently I changed the krb5.conf file on Linux clients to use:
[libdefaults]
rdns = false
These clients can still successfully use kerberos auth to connect to other Linux webservers. However, now their connections break to IIS webservers. An…
Howard_Roark
- 55
- 7
0
votes
1 answer
ubuntu ignores default_ccache_name
I'm having trouble with Kerberos and Ubuntu 20.04.
Im running a FreeIPA Server, but since it works on my Centos machines, I guess it's a client issue.
The big goal is to have a SSO System, for multiple services. Mostly it works as intended, but one…
Poehli
- 103
- 3
0
votes
1 answer
MIT Kerberos renew lifetime does not work
I am trying to figure out why my tickets only get a renewable life of 0 instead of 7 days as I specified.
I tried setting both the max_renewable_life (as indicated in another question) as well as renew_lifetime to 7 days (7d and 856800) in my…
comfix
- 11
- 4
0
votes
1 answer
Single sign on using SSSD against OpenLDAP server with Kerberos SASL/GSSAPI
Authentication against Kerberos and authorization against an LDAP directory is working for me. Now I'm looking for the client setup on Debian Buster using sssd.
I started with LDAP authentication with nss-pam-ldapd using SASL Proxy Authorization on…
Ingo
- 416
- 5
- 13