Login or Register to Ask a Question and Join Our Community


AIX

Problems with kerberos and forest domain

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Operating Systems AIX Problems with kerberos and forest domain
# 1  
Old 11-13-2013
Problems with kerberos and forest domain
Hi,

I have a simple Apache setup that works fine when I create a keytab on a domain level authentication works fine. When I create a keytab at the forest level authentication does not work. I get the following error message. Does anyone know what I am doing wrong here? I validated there is the SPN is unique on the AD side.

Code:
[Wed Nov 13 10:55:49 2013] [debug] src/mod_auth_kerb.c(1707): [client x] Client didn't delegate us their credential
[Wed Nov 13 10:55:49 2013] [debug] src/mod_auth_kerb.c(1735): [client x] Warning: received token seems to be NTLM, which isn't supported by the Kerberos module. Check your IE configuration.

Login or Register to Ask a Question

Previous Thread | Next Thread

7 More Discussions You Might Find Interesting

1. OS X (Apple)

OSX and Kerberos

Our Network Security folks have mandated that we "Kerberize" our systems to allow them to perform an authenticated scan. This consists of instructions to change /etc/pam.d/sshd from: # sshd: auth account password session auth optional pam_krb5.so use_kcminit auth optional ... (0 Replies)
Discussion started by: jnojr
0 Replies

2. AIX

Problems with Kerberos and realms

I'm fairly new to UNIX-land, and one of my first assigned tasks was to try to set up Kerberos authentication on an unused partition. Hopefully everything makes sense, but please let me know if any clarification is needed with any of it. AIX 7.1, and while I found various docs on the subject, a... (11 Replies)
Discussion started by: PassLine
11 Replies

3. Windows & DOS: Issues & Discussions

How to: Linux BOX in Windows Domain (w/out joining the domain)

Dear Expert, i have linux box that is running in the windows domain, BUT did not being a member of the domain. as I am not the System Administrator so I have no control on the server in the network, such as modify dns entry , add the linux box in AD and domain record and so on that relevant. ... (2 Replies)
Discussion started by: regmaster
2 Replies

4. Programming

Kerberos Authentication c/c++

I am in the process of developing a application that needs to be able to authenticate users details with a kerberos server, which is proving to be rather difficult. There seems to be a lack of good information on how to do this using the MIT kerberos api. Can anyone point me in the right... (0 Replies)
Discussion started by: mshindo
0 Replies

5. AIX

SSH and Kerberos

I have 2 servers (lft1 and lft3) running AIX 5.3 ML 5. Both are installed with krb5.client.rte 1.4.0.4 and openssh.base.server 4.3.0.5300. I have configured some of the users on both servers to authenticate against our Windows 2003 Active Directory. From my PC, I can use telnet to login... (1 Reply)
Discussion started by: asch337
1 Replies

6. Solaris

kerberos security

i m new 2 unix world can some body explain me abt kerberos pls explain in detail..! (2 Replies)
Discussion started by: sriram.s
2 Replies

7. Cybersecurity

Kerberos security

I have installed Kerberos security in my UNIX system but I need to disable because of an application conflict with Kerberos. So Anybody ca tell me how can I disable it? Thank you (1 Reply)
Discussion started by: dansanmex
1 Replies
Login or Register to Ask a Question

LEARN ABOUT MOJAVE

curlopt_userpwd

CURLOPT_USERPWD(3)					     curl_easy_setopt options						CURLOPT_USERPWD(3)

NAME

       CURLOPT_USERPWD - user name and password to use in authentication

SYNOPSIS

       #include <curl/curl.h>

       CURLcode curl_easy_setopt(CURL *handle, CURLOPT_USERPWD, char *userpwd);

DESCRIPTION

       Pass  a	char  *  as  parameter,  pointing  to  a  zero	terminated  login details string for the connection. The format of which is: [user
       name]:[password].

       When using Kerberos V5 authentication with a Windows based server, you should specify the user name part with the domain name in order  for
       the server to successfully obtain a Kerberos Ticket. If you don't then the initial part of the authentication handshake may fail.

       When  using  NTLM,  the	user  name  can be specified simply as the user name without the domain name should the server be part of a single
       domain and forest.

       To specify the domain name use either Down-Level Logon Name or UPN (User Principal Name) formats. For example, EXAMPLEuser and	user@exam-
       ple.com respectively.

       Some HTTP servers (on Windows) support inclusion of the domain for Basic authentication as well.

       When  using  HTTP and CURLOPT_FOLLOWLOCATION(3), libcurl might perform several requests to possibly different hosts. libcurl will only send
       this user and password information to hosts using the initial host name (unless CURLOPT_UNRESTRICTED_AUTH(3) is set), so if libcurl follows
       locations to other hosts it will not send the user and password to those. This is enforced to prevent accidental information leakage.

       Use  CURLOPT_HTTPAUTH(3)  to specify the authentication method for HTTP based connections or CURLOPT_LOGIN_OPTIONS(3) to control IMAP, POP3
       and SMTP options.

       The user and password strings are not URL decoded, so there's no way to send in a user name containing a colon using this option. Use  CUR-
       LOPT_USERNAME(3) for that, or include it in the URL.

       The application does not have to keep the string around after setting this option.

DEFAULT

       NULL

PROTOCOLS

       Most

EXAMPLE

       TODO

AVAILABILITY

       Always

RETURN VALUE

       Returns CURLE_OK on success or CURLE_OUT_OF_MEMORY if there was insufficient heap space.

SEE ALSO

       CURLOPT_USERNAME(3), CURLOPT_PASSWORD(3),

libcurl 7.54.0							 December 21, 2016						CURLOPT_USERPWD(3)