We are setting up a system where we need to re-verify a user's identity before he/she is allowed to perform a specific task. The user enters his/her password into the website, and then PHP runs kinit to verify that the password is correct. We use Kerberos for authentication. This is what we successfully tried on a Linux server:
echo "password123" | kinit username@REALM.COM
The problem is that the system is running on a Windows server. We have installed kinit, but cannot seem to get the same thing to work. Running that same command, with or without the quotes, just gives us this output:
kinit: Generic preauthentication failure while getting initial credentials
Any suggestions on what could be done here?
Edit:
Running simply "kinit" and then entering the password at the prompt, works well.
Related
I've got a macOS 10.13 server running, on which I have recently had to change the hostname (upstream IT requirements) - and I suspect this has broken Kerberos.
Changing the hostname appears to have been successful: I exported the Open Directory setup, modified it, and reimported it into the updated setup - user accounts exist, and manual authentication works as expected. changeip is happy:
mac-mini:~ server_admin$ sudo changeip -checkhostname
dirserv:success = "success"
However SSO from client machines does not appear to be successful.
Attempting to run kinit with a valid user account shows this:
mac-mini:~ server_admin$ kinit test@MAC-MINI.EXAMPLE.COM
test@MAC-MINI.EXAMPLE.COM's password:
kinit: krb5_get_init_creds: Server (krbtgt/MAC-MINI.EXAMPLE.COM@MAC-MINI.EXAMPLE.COM) unknown
Looking at /etc/krb5.conf, I only see this:
[libdefaults]
kdc_timeout=5
...which is the same as it was on my previously-working configuration.
And now I'm a bit stumped. All the documentation for destroying and rebuilding Kerberos setups seems to be out of date. Any ideas?!
Thanks.
I am facing an issue while using the Mac. I need to use that PowerShell command on my Mac to run an application as a domain user:
runas /netonly /user:user_name "C:\Users\fwa\AppData\Local\Programs\Azure Data Studio\azuredatastudio.exe"
I have tried
sudo -u user_name /Applications/AzureDataStudio.app
It asks for the password of the local user, but in my case the user is on an external domain.
To run Azure Data Studio (ADS) on your Mac and log in to SQL Server using Windows authentication instead of a username/password, you use the kinit command. I've had best luck using the kinit command through the built-in command window in ADS (you'll be prompted to do so if/when your login fails). Note that your computer needs network access to a Kerberos server.
There's some further information about setting this up HERE and HERE.
I tried using Jenkins or my admin username as user and password. For password, I tried to update using sudo passwd jenkins, so I am fine on that. However, I am skeptical about the user name. How do I confirm the username for Jenkins? Can someone please help me?
During the initial run of Jenkins a security token is generated and printed in the console log. The username is admin.
The token should look something like,
*************************************************************
Jenkins initial setup is required. A security token is required to proceed.
Please use the following security token to proceed to installation:
41d2b60b0e4cb5bf2025d33b21cb
*************************************************************
For me the initial admin password was in a log at ~/.jenkins/secrets/initialAdminPassword
after installing with homebrew.
If your pod is running in a Kubernetes cluster, just look at the running process … Your initial password will be shown…
e.g.
--argumentsRealm.passwd.admin=**3kJQtPDkhk** --argumentsRealm.roles.admin=admin
Username: admin
For password,
cat /Users/$(whoami)/.jenkins/secrets/initialAdminPassword
You will get a token similar to this: 2762710d8dab4c88a59fea0a2e559069
I need to run curl commands from a Windows server to an API on a Linux box. When I am on my workstation I just run a kinit and give my user name and pwd for the Kerberos realm.
I have automated scripts in which I need to run a kinit before running the PowerShell script. I do not want any manual intervention. I am trying to create a keytab file with my Kerberos account but it is not working -
I am receiving the error message "No key table entry found for user@domain.net while getting initial credentials".
I really don't understand much about Kerberos, and whether the process cares that I am on a Windows server trying to use a keytab file for this purpose.
Can someone help? I have been going a bit nuts with this...
Thanks for any help!
Look into your keytab to see whether the principal there is the one you are going to use: klist -k -t <keytab>
You are obviously doing it wrong. You have to obtain a curl binary for Windows which says with curl --version:
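The keytab check suggested above can be scripted so an unattended job fails early with a clear reason. This is an added example, not code from the original answer: the function names and the sample listing are constructed, and it assumes the MIT `klist -k -t` column layout (KVNO, date, time, principal) and that the keytab lookup is an exact, case-sensitive match on the principal name.

```shell
#!/bin/sh
# Added example. The klist listing below is constructed sample data.

# check_keytab_principal WANTED
# Reads `klist -k -t <keytab>` output on stdin and prints one of:
#   match              the exact principal has an entry
#   case-mismatch X    entry X differs from WANTED only in letter case
#   missing            no entry for WANTED at all
check_keytab_principal() {
    awk -v want="$1" '
        # Entry lines start with a numeric KVNO; header lines do not.
        $1 ~ /^[0-9]+$/ && NF >= 4 {
            p = $4                      # KVNO, date, time, principal
            if (p == want) exact = 1
            else if (tolower(p) == tolower(want) && near == "") near = p
        }
        END {
            if (exact) print "match"
            else if (near != "") print "case-mismatch " near
            else print "missing"
        }'
}

# Constructed stand-in for real `klist -k -t` output.
sample_klist_output() {
cat <<'EOF'
Keytab name: FILE:/home/svc/user.keytab
KVNO Timestamp           Principal
---- ------------------- ------------------------------------------------------
   1 03/14/2024 09:15:02 user@DOMAIN.NET
   1 03/14/2024 09:15:02 HTTP/api.domain.net@DOMAIN.NET
EOF
}

# Real use: klist -k -t <keytab> | check_keytab_principal user@DOMAIN.NET
sample_klist_output | check_keytab_principal 'user@domain.net'
```

A `case-mismatch` result means the keytab holds the key under a different spelling of the principal, so the name passed to kinit has to be written exactly as the keytab lists it.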
curl 7.46.0 ...
Protocols: http https ...
Features: SSPI Kerberos SPNEGO ...
That's it. Enable SPNEGO auth with curl --negotiate -u : <URL> and you are done. No keytab necessary on Windows.
I am facing a problem:
Could not start Rsync service on Local Computer.
Error 1069: The service did not start due to a logon failure.
Can somebody please help me with this?
During the installation, you may have seen where it prompted for a user-name and password with the default user-name and password already typed in. You need to change this to that of the user you are logged in as. If you are logged in as administrator then enter the admin credentials.