Kerberos' role in a 'std. setup' without bells & whistles
From: Kim Noer (kn_at_nospam.dk)
Date: 06/30/05
- Next message: Steven L Umbach: "Re: Query Process permissions"
- Previous message: Andy Roxburgh: "Re: Admin / Domain Admin rights problem"
- Next in thread: Steven L Umbach: "Re: Kerberos' role in a 'std. setup' without bells & whistles"
- Reply: Steven L Umbach: "Re: Kerberos' role in a 'std. setup' without bells & whistles"
- Reply: Roger Abell: "Re: Kerberos' role in a 'std. setup' without bells & whistles"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 30 Jun 2005 19:29:48 +0200
Hi there...
I haven't quite figured out just yet, what my DC uses Kerberos for, so can
anyone here clue me in, what it is used for[1]? I've figured out it's about
issueing tickets in some security context, and that my DC current acts as a
Kerberos Key Distribution Center- and it somehow relates to LDAP/AD. But a
look in my event log shows that it runs in a rather fault way -
Event ID 594 :
A Kerberos Error Message was received:
on logon session InitializeSecurityContext
Client Time:
Server Time:
Error Code: 4:30:5.0000 6/30/2005 (null) 0x20
Extended Error: KRB_AP_ERR_TKT_EXPIRED
Client Realm:
Client Name:
Server Realm: domain.tld
Server Name: krbtgt/domain.tld
Target Name: krbtgt/domain.tld@domain.tld
Error Text:
File:
Line:
Error Data is in record data.
And since I apparently don't know what the server is using Kerberos for it
makes it difficult to nick this error. Futhermore, a search on this error,
indicates to me that it's quite an extensive task to fix it - eek!
A "klist tickets" shows some tickets that have expired, but not reviewed -
Server: myDC@domain.tld
KerbTicket Encryption Type: RSADSI RC4-HMAC(NT
End Time: 6/17/2005 7:16:25
Renew Time: 6/23/2005 21:16:25
- presumeably, this failure to renew the ticket, is what generets the error
in the event log?
[1] I primarily need some quick advice that enables to either investigate
further (read up on Kerberos etc.) if you think I need Kerberos, or some
advice on how to disable Kerberos, if you think I don't need Kerberos.
-- I doubt, therefore I might be.
- Next message: Steven L Umbach: "Re: Query Process permissions"
- Previous message: Andy Roxburgh: "Re: Admin / Domain Admin rights problem"
- Next in thread: Steven L Umbach: "Re: Kerberos' role in a 'std. setup' without bells & whistles"
- Reply: Steven L Umbach: "Re: Kerberos' role in a 'std. setup' without bells & whistles"
- Reply: Roger Abell: "Re: Kerberos' role in a 'std. setup' without bells & whistles"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
