2

My company gave me a Windows 7 computer; however, I prefer to work within a virtual machine running Ubuntu 16.04. Why doesn't my virtual Ubuntu machine authenticate with Kerberos? They do have the same IP address, but obviously something more is missing. My question is: what's missing, and how to fix it?

Mats Faugli

1 Answer

3

Kerberos does not work with IP addresses; it relies on domain names and correct DNS entries only. See this marked answer on this topic.

You also can't do Kerberos authentication scenarios with client, server and KDC all running on the same machine. There are known issues with that.

John R Smith
  • Hmm, I tried to change the hostname with `hostnamectl set-hostname ` but that doesn't help. According to [this post](https://adrianhesketh.com/2015/07/30/getting-linux-virtual-machines-on-a-windows-host-access-to-the-internet-through-an-ntlm-proxy/), you can use CNTLM as a Kerberos Authentication Proxy, but I haven't been able to configure it properly. So there must be some client software running in my guest OS that is capable of handling the Kerberos authentication, isn't that right? – Mats Faugli Nov 20 '17 at 11:23
  • 1
    As NTLM and Kerberos are two different protocols, you might be able to use them together in a protocol transition scenario but doing them on the same machine is asking for trouble. See (https://stackoverflow.com/questions/2973355/defective-token-detected-error-ntlm-not-kerberos-with-kerberos-spring-securi/3410254#3410254) for why that scenario is asking for trouble. My answer about IP addresses is correct. You're really moving the goal posts here now, asking about NTLM and authentication proxies. That's not really fair to people who are trying to answer your original question. – John R Smith Nov 20 '17 at 14:14
  • 1
    You also can't do Kerberos authentication scenarios with client, server and KDC all running on the same machine. There are known issues with that. – John R Smith Nov 21 '17 at 01:19
  • 2
    Answer accepted. Thanks for pointing me in the right direction, I will eventually read up on that, but I still don't understand the protocol and how the authentication works. I probably asked the wrong questions though. – Mats Faugli Nov 21 '17 at 14:56
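
The naming prerequisite the answer describes, as an added example that is not part of the original answer or comments: a Python check that a target is a DNS name rather than an IP literal, that its forward and reverse DNS records agree, and what service principal name results. The realm, host names and addresses are constructed for illustration, and the PTR comparison assumes a client that canonicalizes host names through reverse DNS.

```python
import ipaddress
import socket

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def kerberos_name_check(host, realm, service="HTTP",
                        forward=socket.gethostbyname_ex,
                        reverse=socket.gethostbyaddr):
    """Return (service_principal_or_None, list_of_problems) for a target host."""
    if is_ip_literal(host):
        # The answer's point: services are named by DNS name, not by address.
        return None, ["IP literal given; use the server's DNS name"]
    try:
        canonical, _aliases, addrs = forward(host)
    except OSError as exc:
        return None, [f"forward lookup failed: {exc}"]
    canonical = canonical.rstrip(".").lower()
    problems = []
    for addr in addrs:
        try:
            ptr = reverse(addr)[0].rstrip(".").lower()
        except OSError:
            problems.append(f"no PTR record for {addr}")
            continue
        if ptr != canonical:
            problems.append(f"PTR for {addr} is {ptr}, expected {canonical}")
    return f"{service}/{canonical}@{realm.upper()}", problems

# Constructed sample zone so the check runs offline (names are hypothetical).
SAMPLE_A = {"app.corp.example": ["192.0.2.10"], "vm.corp.example": ["192.0.2.20"]}
SAMPLE_PTR = {"192.0.2.10": "app.corp.example", "192.0.2.20": "win7-host.corp.example"}

def sample_forward(name):
    if name not in SAMPLE_A:
        raise socket.gaierror(f"{name} not found")
    return name, [], SAMPLE_A[name]

def sample_reverse(addr):
    if addr not in SAMPLE_PTR:
        raise socket.herror(f"{addr} has no PTR")
    return SAMPLE_PTR[addr], [], [addr]

if __name__ == "__main__":
    for target in ("app.corp.example", "vm.corp.example", "192.0.2.10"):
        print(target, kerberos_name_check(target, "corp.example",
                                          forward=sample_forward, reverse=sample_reverse))
```

Called without the `forward` and `reverse` arguments, the function uses the system resolver, so it can be run inside the guest against the real server name.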