Questions tagged [kerberos]
Kerberos is a network authentication system based on shared key cryptography. It is the underlying authentication system used by current versions of Active Directory and is widely used by large organizations.
206 questions
5
votes
1
answer
254
views
Kerberos Protocol? Is this correct?
I'm reading what Kerberos : The Definitive Guide, the original paper from Xerox (Needham - Schroeder) , MIT site and Wikipedia. I'm having some challenges putting the protocol together. Is this ...
- 155
1
vote
0
answers
90
views
How to debug chpasswd "Authentication token manipulation error"
I'm trying to programmatically change a user's password using chpasswd, but I'm getting the following error:
/sbin/chpasswd <<< "0s22xmgW:<new_password>"
chpasswd: (user ...
- 1,005
0
votes
1
answer
47
views
Pam with krb5: very strange local user login, krb5 user login, root..no
This is my pam.conf for Slackware 15.0
#%PAM-1.0
#
# Most of these PAM modules have man pages included, like
# pam_unix(8) for example.
#
##################
# Authentication #
##################
...
- 14.2k
0
votes
1
answer
34
views
Mit krb5 server: where is kpasswd daemon? How the server can change user password?
On Kerberos with have 3 "servers" kdc is the key distribution center, as name said provide "tickets", kadmin is for admin the server (add principals, keytabs, etc.), and finally ...
- 14.2k
1
vote
0
answers
1k
views
Bursts of errors "Failed to initialize credentials using keytab [MEMORY:/etc/krb5.keytab]: Client (...) not found in Kerberos database."
I have set up some RHEL9 servers to authenticate through the AD for the domain EXAMPLE.XYZ; this is done via Ansible playbooks, and so far all works well. (It's the same setup as this previous ...
- 32.3k
0
votes
0
answers
463
views
How to install kerberos client on Ubuntu 22
I was asked to integrate some new Ubuntu 22 boxes into an existing Kerberos instrastructure. I found several references for installing a kerberos client which all start with:
sudo apt-get install krb5-...
2
votes
1
answer
103
views
How to set correctly a password aging using krb5?
I have a Solaris server, it use ldap for user authentication and kerberos for password.
The user can change his password, I have only problem with password aging
for example:
passwd -r ldap -n 12 ...
- 14.2k
0
votes
1
answer
32
views
The "-glob" option of ktadd of kadmin
I'm studying some kerberos today, making test with ktadd I found a "mysterious" -glob option.
What does it mean -glob?
I see..
Usage: ktadd [-k[eytab] keytab] [-q] [-e keysaltlist] [...
- 14.2k
0
votes
1
answer
58
views
Kerberos kdc, how to force generation of AES keys on Solaris?
I want to avoid old and weak ciphers on my Solaris kdc, using only AES.
I have edited kdc.conf
master_key_type = aes256-cts-hmac-sha1-96
supported_enctypes = aes256-cts-hmac-sha1-96:normal ...
- 14.2k
-1
votes
1
answer
62
views
How to edit /etc/krb5.conf from cli with crudini?
I'm trying to edit /etc/krb5.conf with crudini.
I tried this :
$ sudo crudini --set /etc/krb5.conf libdefaults renew_lifetime 7d
Source contains parsing errors: '<???>'
[line 2]: ...
- 2,453
0
votes
0
answers
468
views
Disabling Kerberos on Ubuntu
Our security tooling is flagging potential vulnerabilities in krb5, for the sake of this question lets just assume Kerberos is not a value add for me.
We do not use Kerberos for authentication to this ...
1
vote
0
answers
106
views
ansible rsync command fails from using non-kerberos ssh on remost system
I wish to rsync a directory structure from one remote server to another - using an Ansible playbook.yml. During the play, the ansible shell module's command for rsync fails. I know the reason - it's ...
- 111
2
votes
1
answer
374
views
KRB5 autentication using sssd only checks first domain
I am using both Red Hat and Ubuntu, but I'll start with Ubuntu (18.04.6).
I want to authenticate with two KRB5 realms (not joined to AD); I'll call them REALM1 and REALM2. Some users are in REALM1, ...
- 330
1
vote
2
answers
74
views
Help importing kerberos key into openafs
I'm having trouble exporting and importing kerberos keys into openafs.
My first problem is that when using addprinc and ktadd commands in kadmin.local, the encryption key type -e option appears to be ...
- 1,005
0
votes
1
answer
685
views
How to join the Ubuntu 22.04 Server to the Window Active Directory
I have new server running on the ubuntu and I want to join that server to our existing AD which is resolve as "ad.xyz.edu" and under that AD our department (OU) "med.abc.edu" is ...
