Questions tagged [kdc]

A Key Distribution Center (KDC) is part of a cryptosystem intended to reduce the risks inherent in exchanging keys. KDCs often operate in systems within which some users may have permission to use certain services at some times and not at others; the KDC is a fundamental part of the Kerberos authentication protocol.

36 questions
7 votes, 5 answers

KDC has no support for encryption type (14)

I'm trying to implement SSO with kerberos using spring-security-kerberos extension. I've created a keytab file and I get the following error when trying to access my webapp: GSSException: Failure unspecified at GSS-API level (Mechanism level:…
Lior Chaga
4 votes, 1 answer

How do I get Kerberos authentication working in k8s

I'm trying to authenticate via kerberos in AWX. I'm hosting AWX in Azure Kubernetes Services. KDC that we use is ldap. I'm able to communicate with the ldap server with ping and over port 88 with telnet when executing from the container itself. I'm…
Ian Clark
4 votes, 3 answers

openldap + kerberos - unable to reach any KDC in realm

I have an LDAP server + Kerberos setup in a CentOS VM (running using boot2docker VM), and I am trying to use them for my web application authentication (from host - my MacBook). For authentication, I need to use the "GSSAPI" mechanism, not the simple…
heartpicker
2 votes, 1 answer

couldn't get kerberos ticket for realm

I have successfully built an Active Directory on AWS. I can ping the directory from a CentOS 7 EC2 instance located in the same VPC. Now, I try to join the realm, but I receive the following errors: [ec2-user@ip-172-22-2-182 ~]$ sudo realm join…
Sam
1 vote, 1 answer

What should we use as a "cname" or "principal" when requesting a ticket from a Windows KDC with AltSecurityIdentities enabled

TL;DR: What kind of KRB5 AS-REQ ticket requests would a home-brew Kerberos client create when asked to use AltSecurityIdentities certificate fields for ticket requests? But why? I have a set of custom Java classes that knows how to extract a UPN…
1 vote, 1 answer

How to communicate with two different KDC servers from single Java client program using Java GSS-API and Kerberos 5?

I am using Java GSS-API with Kerberos for secure Authentication. I implemented sample Server and sample Client programs, and Client is able to successfully authenticate and get the service from Server. For these sample programs I passed the KDC…
1 vote, 0 answers

ASP.NET Core Web API with Kerberos Ticket forwarding

I am building a Web API with ASP.NET Core hosted on IIS that will act as a proxy integrating a few services. I need to forward user credentials/identity to specific services managed by my API, and to do so I want to enable ticket forwarding in…
1 vote, 1 answer

kerberos config single kdc with multiple domains

We are trying to configure a single Kerberos server with multiple domains (it's a requisite), so I ended up creating 2 databases like that and some principals in each database (everything is fine, I can log into both databases and see the different…
Flechoide
1 vote, 1 answer

kdb5_util dump gives Server error

I have been trying to dump my Kerberos database (ldap backend) using kdb5_util dump (filename), but I get: kdb5_util load_dump version 6 kdb5_util: error performing Kerberos version 5 release 1.8 dump (Server error) policy default 0 0 …
Kestrel
1 vote, 2 answers

Start kdc in Dockerfile

In Dockerfile, I put in the following: COPY docker-files/krb5.conf /etc RUN /usr/sbin/krb5kdc -P /var/run/krb5kdc.pid; Expectation is that KDC would be started when I use "docker run -it" command. However, KDC is not running after starting docker…
Ted
1 vote, 1 answer

Kerberos SPN gets cached on Windows Servers?

Been integrating Kerberos authentication in my SSO project. Came across a peculiar scenario. I made a new user and attached an SPN to it. Followed steps on this question and got everything working. By everything I mean :- kinit username - and then…
Nikhil L
1 vote, 0 answers

HDP 2.5 - Error in Kerberizing sandbox

I'm trying to kerberize HDP 2.5, and getting an error when doing this... Link being used to kerberize: https://docs.hortonworks.com/HDPDocuments/Ambari-2.2.1.1/bk_Ambari_Security_Guide/content/_installing_and_configuring_the_kdc.html I've…
Karan Alang
1 vote, 0 answers

Get the ticket from KDC (CentOS 7) in my Windows but still cannot reach the web URL

I am new to Hadoop and I made a Hadoop cluster with 3 CentOS machines in my VMware, and I also kerberized the cluster. It works fine in the VMware; I can reach the URL with Firefox on the CentOS machine. However, when I try to reach the page outside the…
Rye
1 vote, 1 answer

How to set iteration count for an Active Directory account

I have a client machine and Windows 2008R2 (KDC) server. I created an account for the client to be able to log on to KDC server. On the client machine I specified the encryption as AES 256 and set the iteration count as 5000. How do I set the same…
pras007
1 vote, 0 answers

Kerberos: Windows Server 2008 and Linux KDC Interoperation

Still a Kerberos-related problem as a follow-up to this one. In fact, I just want to enable the Windows Server 2008 and Linux KDC interoperability, so a full-featured Samba server is not necessary. After another day's trial, I find this…