Does 10.4.6 SMB support Kerberos authentication?

Our company is heading towards using Kerberos authentication to access home directories shared via NFS and CIFS/SMB. I did some searching but wasn't able to determine if OS X 10.4.6 supported Kerberos auth. in it's version of SMB. Does it?

Hello a brody and Kiraly,
thanks for the answers and much appreciate your hints regarding memory.
Was thinking about the upgrade mostly for future security updates - they surely will end for 10.3.9 at some point in time, won't they? - and potentially for EAP-FAST. Application-wise I'm fine with eMail, Office and Telnet/SSH but when a memory on eBay comes along I may think about it
Again thanks for your help!
Regards, Marc

Similar Messages

  • IChat - Host does not support Kerberos authentication

    Hi all,
    I have been trying but with no success to set up an iChat server on 10.6. Our OS X server is bound to AD and will hopefully be using AD to authenticate the iChat clients. I have followed Apple's guide on commenting out the <!-- <cram-md5/> --> section of the c2s.xml file which hasn't solved our problems. Open Directory isn't running as a master it is connected to another directory (our AD directory), and as a test I set up a Wiki server on the same box and this does allow us to authenticate against AD.
    The error message we are receiving in iChat is "The host example.com does not support Kerberos authentication. The client is set to use Kerberos, the username format is [email protected] all I think the correct settings.
    Under iChat General Settings on the server the Host Domain is example.com, SSL Certificate: No Certificate, Authentication: Any Method, and Enable XMPP server-to-server federation is enable for all domains.
    This is our jabber fullstatus:
    jabber:state = "RUNNING"
    jabber:readWriteSettingsVersion = 1
    jabber:logPaths:PROXY_LOG = "/private/var/jabberd/log/proxy65.log"
    jabber:logPaths:MUCSTDLOG = "/var/jabberd/log/mu-conference.log"
    jabber:logPaths:JABBER_LOG = "/var/log/system.log"
    jabber:proxyState = "RUNNING"
    jabber:currentConnections = "0"
    jabber:currentConnectionsPort1 = "0"
    jabber:currentConnectionsPort2 = "0"
    jabber:pluginVersion = "10.6.100"
    jabber:serviceMode = "CHATSERVER"
    jabber:domainName = "example.com"
    jabber:mucState = "RUNNING"
    jabber:servicePortsAreRestricted = "NO"
    jabber:servicePortsRestrictionInfo = emptyarray
    jabber:hosts:arrayindex:0 = "example.com"
    jabber:setStateVersion = 1
    jabber:startedTime = "2010-10-07 16:12:01 +0100"
    jabber:jabberdState = "RUNNING"
    This is our changeip -checkhostname:
    Primary address = 192.168.1.20
    Current HostName = ichat.example.com
    DNS HostName = ichat.example.com
    The names match. There is nothing to change.
    dirserv:success = "success"
    Any help with this would be much appreciated, and I can supply further logs details if needed. I have used example.com to protect our domain name but i kept the format identical.
    Cheers,
    Chris

    From the console:
    08/10/2010 13:00:52 com.apple.launchd.peruser.2027651558[416] ([0x0-0x16a16a].com.apple.iChat[2873]) The USER environmental variable changed out from under us!
    08/10/2010 13:00:52 com.apple.launchd.peruser.2027651558[416] ([0x0-0x16a16a].com.apple.iChat[2873]) In a future build of the OS, this error will be fatal.
    08/10/2010 13:00:52 com.apple.launchd.peruser.2027651558[416] ([0x0-0x16b16b].com.apple.iChatAgent[2875]) The USER environmental variable changed out from under us!
    08/10/2010 13:00:52 com.apple.launchd.peruser.2027651558[416] ([0x0-0x16b16b].com.apple.iChatAgent[2875]) In a future build of the OS, this error will be fatal.
    08/10/2010 13:00:52 iChatAgent[2875] [Warning] JConnection: Error: Error Domain=XMPPErrorDomain Code=122 UserInfo=0x10020b680 "The host corepublishing.co.uk does not support Kerberos authentication."
    The iChat server log shows this at the same time:
    Oct 8 13:00:52 ichat jabberd/c2s[1051]: [7] [::ffff:192.168.2.170, port=50624] connect
    Oct 8 13:00:52 ichat jabberd/c2s[1051]: [7] [::ffff:192.168.2.170, port=50624] disconnect jid=unbound, packets: 0

  • Does the EP Sneak Preview support LDAP authentication?

    When using the EP Sneak Preview is LDAP authentication supported or is only Portal Authentication supported?
    Thanks in advance.

    Hi Neil and welcome on SDN,
    YES! you can configure EP Sneak Preview with LDAP. Check the documentation on help.sap.com for how to do this.
    Hope this helps,
    Robert

  • Is it possible to configure Safari to support Kerberos ticket forwarding?

    I work in an environment that authenticates with Kerberos.  I would like to be able to use Safari in this environemnt but I am forced to use other browsers that support ticket forwarding.  It seems that Safari does support Kerberos authentication according the to this support artical http://support.apple.com/kb/HT5385?viewlocale=en_US&locale=en_US.  However, it fails to explain how to enable ticket forwarding.

    rdar://6644527: Kerberos ticket forwarding doesn't work in Safari
    FirefoxAuth - User Guides Wiki

  • Windows AD with Kerberos authentication not supported for NW AS JAVA 7.1

    The Admin guide for BO 3.1 states that Windows AD with Kerberos authentication is not supported on NetWeaver AS.
    Can anybody suggest & confirm on this???

    I know we haven't been receiving cases for it, but I think in theory it should work fine. BO doesn't really care what web/app kerberos comes from as the manual authentication uses the java SDK (i.e tomcat 5.5 would use Sun JDK 1.5), and SSO kerberos (vintela) uses 3rd party libraries. It's possible our 3rd party libraries may not support netweaver yet. If I hear anything else I'll post.
    Regards,
    Tim

  • Does SQL Developer support OS Authentication?  Will it?

    Does SQL Developer support OS Authentication connections? If not will it in the future?

    Given this has the SQL Developer been changed to remove the requirement of adding a password for an OS authenticated account? These users also have the ability to access the DB via applications and the fact that they don't have to enter a password right now is ideal. I really don't want to have to add a password for them. Will this be changed within SQL Developer?

  • Does a Kerberos authentication module exist?

    Does anyone know of a Kerberos authentication module for Portal Server? If not, can anyone think of any security implications that would suggest "rolling my own" would not be a good idea?

    No we don't have any kerberos auth module as a part of the product and you can develop your own using the auth api's.

  • Does Adobe Connect support CAS authentication?

    We use CAS authentication for many of our applications.  Does Adobe Connect support CAS authentication for Single Sign-On?  Our Adobe Connect is hosted.
    Thanks,
    Rod

    Single Sign-on support is only really available with a licensed deployment. With a hosted account you are limited to API's Adobe Connect 9 * Login and requests
    Configuring SSO on a licensed deployment can be found in this document http://help.adobe.com/en_US/connect/9.0/installconfigure/connect_9_install.pdf

  • Any document explaining Risks involved in assigning "Delegation Permission" to a computer for Kerberos Authentication

    Need SSO on CRM 2013. As per documents assigning Delegation Permission in Kerberos Authentication is mandatory to achieve SSO in CRM 2013.
    Before doing that need to evaluate risks in doing so. Any help or document for the same is helpful.
    Devesh

    Hi Devesh,
    “The idea of delegation in Kerberos is that if a user makes a request to a final resource, and some
    intermediary accounts must process the request, then those intermediary accounts can be trusted to delegate on the user’s behalf. You can configure an account for delegation by using Active Directory Users and Computers as a domain administrator.
    Select Trust this user/computer for delegation to any service (Kerberos) under the Delegation tab of the user or computer account.”
    Quoted from this article below:
    Using Kerberos for SharePoint Authentication
    http://technet.microsoft.com/en-us/magazine/ee914605.aspx
    From my point of view, as long as the intermediary account can be trusted, then it is safe.
    Best Regards,
    Amy
    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

  • Sql Developer and Kerberos authentication

    Hallo,
    IHAC interested by implementing SQL Developer in his IT environment, but, for the moment, the authentication to the Databases is done via Kerberos. The latest version of SQL Developer allows OS Authentication, but it seems that Kerberos is still not an issue.
    Any comments/tips/ideas to that subject?
    Thank you in advance
    Eric

    SQL Developer 1.5 does not support Kerberos. This is a feature request to be addressed in a future release.
    Sue

  • GSSAPI Kerberos authentication and WS-Security

    Hi,
    We have a requirement to perform Kerberos authentication to a web service.
    The client is to be written in C# using Microsoft's Web Services
    Enhancements (WSE 3.0). WSE (which uses SSPI) has support for
    Kerberos authentication. The application server does not support Kerberos.
    The intention is to use the Java GSSAPI on the web service side to process
    a limited part of the WS-Security header.
    I've successfully processed the <wsse:BinarySecurityToken> to performed
    the actual authentication, I'm now left with checking the signatures.
    The values of the <DigestValue> and <SignatureValue> appear to always be
    20 bytes long (when decoded from Base64) which suggests they're the
    output from SHA1.
    The outputs from GSSContext.getMIC and GSSContext.wrap always start
    with the ASN.1 value 0x60. The <SignatureValue> donen't, therefore
    attempting to use verifyMIC or unwrap fail with:
    "GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag)"
    It appears that the digest algorithm is SHA1 and the signature algorithm is
    HMAC-SHA1. So the <DigestValue> is probably just the SHA1 of the
    Canonical XML of the SOAP:Body. The HMAC algorithm requires access to
    the Kerberos private session key, which doesn't appear to be made
    available through the GSSAPI interface, so implementing our own functions
    doesn't seem to be an option.
    I've included the portion of the SOAP header I'm looking at below, apologies
    if the format's messed up.
    So what I'm looking for is:
         1) A way of Canonicalising the SOAP:Body so I can feed it into SHA1           
              (java.security.MessageDigest).
         2) A way of getting at the Kerberos session key through the GSSAPI so I
              can produce the <SignatureValue> from the <DigestValue> for      
              verification (javax.crypto.Mac).
    Any ideas ?
    Cheers
    Phil
    <wsse:Security soap:mustUnderstand="1">
    <wsu:Timestamp wsu:Id="Timestamp-343caad4-454a-4dcd-b206-3e6bf4ad0116">
    <wsu:Created>2006-04-27T13:00:48Z</wsu:Created>
    <wsu:Expires>2006-04-27T13:05:48Z</wsu:Expires>
    </wsu:Timestamp>
    <wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-2c5a4b4a-4408-4ee8-8e32-9378c063d422">YIIB1AYJKoZIh<snip>==</wsse:BinarySecurityToken>
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" />
    <Reference URI="#Id-73b189ca-2ddd-4fcb-a60e-025e71857802">
    <Transforms>
    <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
    </Transforms>
    <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
    <DigestValue>BRyjTgrnalo2YXtWUi80pzgoVso=</DigestValue>
    </Reference>
    </SignedInfo>
    <SignatureValue>ddTO413OprTwFPWj3NDx94PidZc=</SignatureValue>
    <KeyInfo>
    <wsse:SecurityTokenReference>
    <wsse:Reference URI="#SecurityToken-2c5a4b4a-4408-4ee8-8e32-9378c063d422" ValueType="http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ" />
    </wsse:SecurityTokenReference>
    </KeyInfo>
    </Signature>
    </wsse:Security>

    Hi Osman,
    Hope this blog will answer your Query: /people/rahul.nawale2/blog/2006/05/31/how-to-use-client-authentication-with-soap-adapter
    Documentation SOAP adapter - http://help.sap.com/saphelp_nw04/helpdata/en/69/a6fb3fea9df028e10000000a1550b0/content.htm
    Security settings for SOAP adapter - http://help.sap.com/saphelp_nw04/helpdata/en/56/992d4142badb2be10000000a1550b0/content.htm
    Regards
    Pothana

  • Kerberos authentication with Apache Kerberos Module

    Hi,
    Using the Java GSS tutorials, I have been able to create code to successfully authenticate with our KDC server or from a local ticket cache.
    However, I have been unsuccessful in using the obtained credentials to perform client authentication with a web server running Apache using Kerberos for authentication (mod_kerberos).
    I have tried to use an SSLSocket to connect to the server, which works fine. To request a page that requires client side authentication, I have passed the necessary client headers, over the socket connection e.g.
    GET: http://www.myhost.com/protected_page.html
    HOST: www.myhost.com
    AUTHENTICATE: negotiate XXXXX
    However, I do not know what to put in place of XXXXX. Using some PHP code and Firefox, I have been able to observe what Firefox is passing to the web server to perform client side authentication. It is clearly passing a base64 encoded string, which is related to the cached Kerberos credentials.
    Can anyone tell me, how I can use Java and GSS to perform client side authentication with an Apache web server that is using the Kerberos authentication module? I know it is possible to do so using SPEGNO in a Windows environment, but this is a Linux/Unix environment, so it is not an option.
    Thanks for any help or advice,
    Neil.

    Here are your options:
    1) Configure Krb5LoginModule programmatically.
    If the environment variable KRB5CC_NAME points to the ticket cache location,
    (which is updated each time), you can configure the Krb5LoginModule
    programmatically and set the "ticketCache" option to the value obtained
    from KRB5CC_NAME.
    Refer to following docs for details:
    http://java.sun.com/j2se/1.5.0/docs/guide/security/jgss/tutorials/LoginConfigFile.html
    http://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/Configuration.html
    http://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/AppConfigurationEntry.html
    2) Use native Kerberos from the platform
    Java SE 6 provides support for native GSS/Kerberos on Solaris/Linux platforms.
    NOTE: If native GSS/Kerberos on your platform does not have support for SPNEGO,
    you will not be able to use this option.
    For details refer to following docs:
    http://download.java.net/jdk6/docs/technotes/guides/security/jgss/jgss-features.html
    Seema

  • Kerberos authentication adobe policy server

    Hi,
    when a user uses the browser to log into adobe policy server, he also gets a ticket from kerberos? Or does this just happen, when he uses for example the Adobe Acrobat Professional?
    thx for help...
    bye

    Hi Raymund,
    Currently Windows Kerberos Authentication is only supported from Acrobat and other client applications we support with plugins (MS Office).
    Hope this helps.
    -Bill

  • "Kerberos" authentication failed while trying to access EMC or EMS

    Salam,
    I have successfully installed Exchange 2010 SP1 on a transitional environment, the installation went smooth without any problem and I've done most of the trasitioning configuration from Exchange Server 2003 to Exchange Server 2010.
    Currently we're in the process of moving the mailboxes, but I've come across a problem recently which stopped all my work and I can no longer commence with this transition unless its solved.
    Sometimes when I try to access EMC or EMS I get the hereunder error:
    The following error occurred while attempting to connect to the specified Exchange server 'afhmail.arabfinancehouse.com.lb':
    The attempt to connect to http://afhmail.arabfinancehouse.com.lb/PowerShell using "Kerberos" authentication failed: Connecting to remote server failed
    with the following error message : Access is denied. For more information, see the about_Remote_Troubleshooting Help topic.
    I've read most of the articles found on the internet including
    http://msexchangeteam.com/archive/2010/02/04/453946.aspx to try to troubleshoot this problem but nothing has worked so far, I tried removing Win RM IIS extensions as well then adding them again with a restart and nothing. I tried the Kerbauth dll removal
    also nothing and the problem keeps to occur and the situation is not stable.
    Also I read in a KB article somewhere that if we have multiple domain controllers a single domain controller should be assigned on the Exchange Server (Organization Configuration, Server Configuration, Recipient Configuration) so I assigned the PDC to be selected
    by those configurations at startup, yet I am still facing the same problem.
    Again I emphasis that the problem comes and goes, at a time I can access EMS and at another is just gives me the Kerberos error.
    Thank you very much in advance,
    Kindest Regards.
    Abdullah Abdullah

    Hi Abdullah,
    Can you open the EMS?
    If yes, please run the WinRM QC and post the results here.
    If possible, please use another admin's account to log on to Exchange to try to open EMC.
    Frank Wang
    TechNet Subscriber Support
    in forum
    If you have any feedback on our support, please contact
    [email protected]
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

  • BO XI Release 2 - NLTM versus Kerberos Authentication

    Hello,
    I have some problem with Authentication. At first time I set up only in CMS Kerberos Authentication, but now I would like to change it to NLTM, but if I clear the Use Kerberos authentication and I mark off Use NTLM authentication and I set up update, it doesn´t work.
    Authentication Options
    Use NTLM authentication 
    Use Kerberos authentication
             Cache security context (required for SSO to database) 
           Service principal name:  
    Thank you very much for your answer,
    unhappy:( Marika

    You can set up kerberos for both, it's required for java. .net will support both kerberos and NTLM although unless you are trying to delegate credentials all the way to your DB, then it usually isn't desired in .net because the configuration is far more complex
    You can simple look at your logon url to figure out if you are hitting IIS (urls end in aspx and no port #) or tomcat(urls end in .do and port 8080).
    Regards,
    Tim

Maybe you are looking for

  • Official Lumia 720 price in Spain?

    I want to know the official price of the Lumia 720 in Spain so I can have a reference when Im going to buy it in the near future. Thanks! Solved! Go to Solution.

  • How to use Mysql platform with oracle 9i

    Currently it is only supported in toplink 10x and above, for business reasons we need to use toplink 9i workbench, any help? thanks

  • Create content modell, logical/physical document class, TA CT04/cl02/dc10

    Dear experts, Im about to get to know the SAP DMS. Content Server is already running working as well as the content repositories. I now wanna set up a content modell for testing with knowledge provider. Im a bit confused about the different ways of d

  • Problems with the cold?

    i just wanted to see if anyone else has started having problems with the nano in the cold. here's the deal: i'm in nyc and it went down to around 25 degrees today. i had my nano in a pocket by itself (god forbid i put even a tissue near it or it'll s

  • PAPER DUE HELP

    Hi out there! I'm in school and I got a paper due and the out line they sent me is PDF file when I open it in word it opens in computer language. I need to be able to fill in the blank lines on the outline that was sent to me. PLEASE help me.