I have a simple Apache setup that works fine when I create a keytab on a domain level authentication works fine. When I create a keytab at the forest level authentication does not work. I get the following error message. Does anyone know what I am doing wrong here? I validated there is the SPN is unique on the AD side.
Code:
[Wed Nov 13 10:55:49 2013] [debug] src/mod_auth_kerb.c(1707): [client x] Client didn't delegate us their credential
[Wed Nov 13 10:55:49 2013] [debug] src/mod_auth_kerb.c(1735): [client x] Warning: received token seems to be NTLM, which isn't supported by the Kerberos module. Check your IE configuration.
Our Network Security folks have mandated that we "Kerberize" our systems to allow them to perform an authenticated scan. This consists of instructions to change /etc/pam.d/sshd from:
# sshd: auth account password session
auth optional pam_krb5.so use_kcminit
auth optional ... (0 Replies)
I'm fairly new to UNIX-land, and one of my first assigned tasks was to try to set up Kerberos authentication on an unused partition. Hopefully everything makes sense, but please let me know if any clarification is needed with any of it.
AIX 7.1, and while I found various docs on the subject, a... (11 Replies)
Dear Expert,
i have linux box that is running in the windows domain, BUT did not being a member of the domain. as I am not the System Administrator so I have no control on the server in the network, such as modify dns entry , add the linux box in AD and domain record and so on that relevant.
... (2 Replies)
I am in the process of developing a application that needs to be able to authenticate users details with a kerberos server, which is proving to be rather difficult. There seems to be a lack of good information on how to do this using the MIT kerberos api.
Can anyone point me in the right... (0 Replies)
I have 2 servers (lft1 and lft3) running AIX 5.3 ML 5. Both are installed with krb5.client.rte 1.4.0.4 and openssh.base.server 4.3.0.5300.
I have configured some of the users on both servers to authenticate against our Windows 2003 Active Directory. From my PC, I can use telnet to login... (1 Reply)
I have installed Kerberos security in my UNIX system but I need to disable because of an application conflict with Kerberos.
So Anybody ca tell me how can I disable it?
Thank you (1 Reply)
CURLOPT_USERNAME(3) curl_easy_setopt options CURLOPT_USERNAME(3)NAME
CURLOPT_USERNAME - user name to use in authentication
SYNOPSIS
#include <curl/curl.h>
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_USERNAME,
char *username);
DESCRIPTION
Pass a char * as parameter, which should be pointing to the zero terminated user name to use for the transfer.
CURLOPT_USERNAME(3) sets the user name to be used in protocol authentication. You should not use this option together with the (older) CUR-
LOPT_USERPWD(3) option.
When using Kerberos V5 authentication with a Windows based server, you should include the domain name in order for the server to success-
fully obtain a Kerberos Ticket. If you don't then the initial part of the authentication handshake may fail.
When using NTLM, the user name can be specified simply as the user name without the domain name should the server be part of a single
domain and forest.
To include the domain name use either Down-Level Logon Name or UPN (User Principal Name) formats. For example, EXAMPLEuser and user@exam-
ple.com respectively.
Some HTTP servers (on Windows) support inclusion of the domain for Basic authentication as well.
To specify the password and login options, along with the user name, use the CURLOPT_PASSWORD(3) and CURLOPT_LOGIN_OPTIONS(3) options.
The application does not have to keep the string around after setting this option.
DEFAULT
blank
PROTOCOLS
Most
EXAMPLE
TODO
AVAILABILITY
Added in 7.19.1
RETURN VALUE
Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or CURLE_OUT_OF_MEMORY if there was insufficient heap space.
SEE ALSO CURLOPT_USERPWD(3), CURLOPT_PASSWORD(3), CURLOPT_HTTPAUTH(3), CURLOPT_PROXYAUTH(3)libcurl 7.54.0 December 21, 2016 CURLOPT_USERNAME(3)
