Questions tagged [kerberos]

Kerberos is a network authentication system based on shared key cryptography. It uses a central service called a KDC, which answers authentication requests from clients and allows for a lot of central control (such as centrally locking users). It is the authentication protocol underlying Active Directory and is widely used by large organizations.

One nice property of Kerberos is that, when fully implemented by all protocols used by the user, the user's credentials (password or key) never leave their local system. The only thing that leaves the system are authenticators with a relatively short lifetime, which greatly reduces the risk when other systems are compromised. However, it is common to have to occasionally send Kerberos passwords to a server for validation over SSL, which diminishes this benefit.

Kerberos is commonly used via GSS-API (Generic Security Service API), often via a protocol framework such as SASL or SPNEGO.

187 questions
20 votes, 2 answers

SSH authentication using gssapi-keyex or gssapi-with-mic (publickey not permitted)

My company has disabled SSH public key authentication, therefore I have to enter my password manually each time (I am not supposed to change /etc/ssh/sshd_config). However, gssapi-keyex and gssapi-with-mic authentications are enabled (please see below…
oHo

19 votes, 1 answer

Get a Kerberos service ticket from the command line

I am in the process of debugging a Kerberos setup. I have a valid krb5.conf and I can call kinit USERNAME to get a Ticket Granting Ticket (TGT): Credentials cache: /root/krb5cc_root Default principal: [email protected] Number of entries: 1 [1]…
ixe013

15 votes, 2 answers

How could I eliminate Kerberos for passwd?

When I issue a command to change my password like this: sudo passwd huahsin The system prompts me: Current Kerberos password: I don't know what I have done to the system configuration, how could I eliminate this Kerberos thing when I change my…
huahsin68

11 votes, 1 answer

PAM vs LDAP vs SSSD vs Kerberos

I am basically aware of what these services do separately from each other. What I want to know: what exactly happens on a successful login in a Linux-based network that uses all of these services? In which order are these services consulted? What…
tfh

11 votes, 2 answers

Automatic kerberos ticket initialization on login

I'm using ksshaskpass to add my password-protected keys into ssh-agent upon logging into KDE. Is there something similar for Kerberos?
Šimon Tóth

8 votes, 1 answer

KrbException: Fail to create credential. (63) - No service creds

I am working on setting up Tomcat 8.0.35 on Ubuntu 16.04 with Oracle Java 1.8.0_91-b14 (not openjdk) to use Kerberos authentication when authenticating to our Microsoft SQL database. The issue I am running into is that after running kinit as the…
TimBourne

8 votes, 1 answer

List Kerberos principals with valid TGTs

Is it possible to query my (MIT) Kerberos KDC to return a list of principals who have been issued TGTs that are currently valid? My use case is that I would like to find out which users are currently logged in on any machine in a networked…
Joseph R.

7 votes, 1 answer

How do I clear a user's cached Active Directory password on CentOS 7?

I built a CentOS 7 install on my company laptop and configured it to authenticate to the company AD servers like so: Install packages: yum install sssd realmd oddjob oddjob-mkhomedir adcli samba-common samba-common-tools krb5-workstation…
DirkNiblick

7 votes, 1 answer

Kerberos authentication fails with forced password change

I have configured PAM authentication to use Kerberos and can authenticate correctly with my principals using their Kerberos credentials. I ran into trouble when I tried to create a principal with an expired password: kadmin: addprinc +needchange…
Joseph R.

6 votes, 1 answer

Keep kerberos ticket across sudo invocation

On a regular Linux machine, when I use sudo -s as a normal user, I become root but HOME still points to ~user, so every admin has his own environment etc. (this is without env_reset or always_set_home set). On a system where the home directories…
Joachim Breitner

6 votes, 1 answer

Public Key Auth + Kerberos

I've set up public key authentication for enabling SSH connection into my university machine. However, it only logs me in on the local machine and doesn't give me Kerberos credentials which I need for accessing my network folder. This causes problems…
Opt

6 votes, 2 answers

SSH login without password with kerberos

I try to log in to a server which only supports login with Kerberos authentication. Here's what I try: kinit [email protected] aklog -c foo.org ssh server But then I'm asked again for a password. Here's what I have in my ~/.ssh/config for the entry…
pfnuesel

6 votes, 3 answers

Why do I get permission denied error when I log out of the SSH session?

I have to run some tests on a server at the University. I have ssh access to the server from the desktop in my office. I want to launch a python script on the server that will run several tests during the weekend. The desktop in the office will go…
Bakuriu

6 votes, 4 answers

How to automate ktutil to immediately list keytab entries?

I use MIT ktutil a lot on Linux and I am fed up using the following sequence, even if command shortcuts and file name completion are here to help: ktutil rkt my.keytab l Isn't there a way to get the same result in a "one-line" way from the shell?…
Yves Martin

6 votes, 1 answer

Understanding Kerberized NFSv4 Authorization

Articles such as this one seem to point out that Kerberizing NFS(v4) mounts not only prevents machines without a Kerberos service ticket from mounting the shared directory but also uses the user's Kerberos ticket to authorize user actions on the…
Joseph R.