Questions tagged [authentication]

Question 1

I use Windows Server 2019 DC in my environment. All updates are installed. We use Windows 10/11 clients. We use a mix of 2012R2 - 2022 OS on other servers. I will disable WDigest Authentication in ...

Question 2

I have several Linux servers. Most are configured to only accept logins with SSH keys, but for some servers, I need to be able to log in with both key and user/pass. The problem is that users who use ...

Question 3

I am setting up a Postfix + Dovecot mail server. I have a handful of virtual aliases all mapping to a single Unix user, vmail. I set this up in Postfix main.cf: virtual_alias_domains = example.net ...

Question 4

I’m trying to integrate Ubuntu with Microsoft Entra ID using authd, but I can’t get cloud users to map to local Ubuntu 25.04 accounts. Setup: Ubuntu 25.04 with authd installed (latest version). PAM ...

Question 5

I'm implementing Kerberos authentication for a business application layer access to let the users authenticate with an external active directory using LDAPS. My implementation follows the article ...

Question 6

I can see many many attempts to brute force my Microsoft 365 account from all over the globe. With my MS home account, I was able to add an alias and make it the primary login while retaining my ...

Question 7

I have created a 4 node Cluster: Server1.domain.com 192.168.1.11 Server2.domain.com 192.168.1.12 Server3.domain.com 192.168.1.13 Server4.domain.com 192.168.1.14 Built as a Fail over cluster. ...

Question 8

In Google Cloud, I have an app which uses the sensitive auth/calendar.readonly scope. I've already gone through the verification and approval process, so my app can access a user's Google Calendar. I ...

Question 9

I have the following configuration in Apache below. I need to set username from decoded Base64 JWT token. I get the correct ENV for REMOTE_USER_LOCAL, but this doesn't work with mod_gssapi: <...

Question 10

I am using an Ubuntu 24.04 server with OpenSSH. The /etc/ssh/sshd_config uses the following options: PermitRootLogin no PubkeyAuthentication yes PasswordAuthentication no KbdInteractiveAuthentication ...

Question 11

I use Google Cloud Platform (GCP) to access the Vertex AI API. I run: gcloud auth application-default login --no-launch-browser to get an authorization code: However, it expires after 1 or 2 hours, ...

Question 12

I have a Redis cluster running inside kubernetes (AWS EKS). Currently, Redis does not require any password because it is only used by internal microservices. I do not want to disturb this internal ...

Question 13

How do I prevent this message: "Be careful with this message. The sender hasn't authenticated this message so Gmail can't verify ..." I have set up the following DNS TXT records: Name = @ ...

Question 14

i have a strange Problem and i hope someone can help me. What I’m doing: I am creating a Scheduled Task via GPO, which starts a Powershell script which is located on a network share. The Script should ...

Question 15

getent passwd and getent group works as expected. But when I want to login over SSH Login with SSH key: LOG: Mar 10 07:06:05 ah sshd[1727]: fatal: initgroups: [email protected]: Invalid argument ...

Question 16

So I am trying to implement 802.1X authentication using freeradius as my RADIUS server. For the authentication method I have chosen EAP-TEAP. My client device (a Windows 11 PC) has the machine and the ...

Question 17

Traefik integrates perfectly for a Docker server as a reverse proxy, with configuration using Docker labels. You can define middlewares for a service, which are then validated in turn and restrict ...

Question 18

I was setting up a local mongoDB replica set which uses x.509 to authenticate cluster members, following this guide. The configuration file options included two parameters: certificateKeyFile: <...

Question 19

extraEnvVars: - name: MINIO_LOG_LEVEL value: DEBUG - name: MINIO_IDENTITY_OPENID_CONFIG_URL value: "https://authentik.righive.local/application/o/minio/.well-known/openid-...

Question 20

Our aim is to host an ASP.NET Core 9.0 web site on IIS and to use client certificate for authentication. The ASP.NET Core web app is working well: when running directly from Kestrel, everything works ...

Question 21

The portal is having issues getting an authentication token. The experience rendered may be degraded. Additional information from the call to get a token: Extension: Microsoft_Azure_Support Resource: ...

Question 22

I'm trying to fix performance issues in Apache. Loading a webpage is fast until it's secured with database authorization. See this picture for comparison between static/dynamic pages and public/...

Question 23

I can logon to my SQL Server 2022 host using SSMS using Windows authentication. I also want to use SQL Server Authentication and logon using the same account. I followed the instructions to Change ...

Question 24

All obfuscated portions are noted in [brackets]. I have MySQL set up on Rocky Linux v9.5 with MySQL Enterprise v9.1.0-1.1el9. Using a trial version of MySQL Enterprise Edition, I am trying to get the ...

Question 25

I want to allow for two auth methods in dovecot via SQL. First, the traditional route where the password is hashed with SHA512-CRYPT and compared to the DB response. Second, where the request is ...

Question 26

I'm member of an association that uses Microsoft Office 365. I'm not an administrator. Now I'm creating a small web application and this is hosted totally independent of our association (diffent ...

Question 27

I have provisioned few nodes with MAAS controller, Now I want to enable ssh login with password. Tried changing sshd config file but didnt worked. with ssh keys it works just fine.

Question 28

I am struggling to diagnose an ssh error that I'm only seeing when trying to connect from one specific machine (client A) to another specific machine (server). Ping works, so I can see the server on ...

Question 29

We're having (because reasons) multiple AD domains, all having their own pair of domain controllers. Users can have accounts in any single domain or combination of domains. In the latter, the username ...

Question 30

I've set up Cygwin on a Windows machine, with the OpenSSH server sshd as a Windows service, up and running. I used ssh-host-config -y; and in /etc/sshd_config I've uncommented: PubkeyAuthentication ...

Question 31

Basic authentication forgets the user once the browser is closed and browsers ignore its custom titles. In my understanding Digest access authentication is not different in those aspects. So is there ...

Question 32

Starting a week ago I cannot login to windows shares or other servers using NTLM authentication over my VPN to our corporate network. Everything else works, SSO etc, Teams, Outlook, just NTLM based ...

Question 33

Our college lab consists of 10 Ubuntu desktops, each currently set up as standalone machines on the LAN. I want to transition them to a centrally managed environment while avoiding common pitfalls. I ...

Question 34

I have an MVC web application on Windows Server 2019 with SQL Server 2017. When I read/write to the database, if I add credentials on connection string or I remove the credentials, the database can be ...

Question 35

My org is running Active Directory which uses Kerberos for authentication. I have a group of linux computers that are not permitted to be joined to AD. For user authentication, I setup kerberos and ...

Question 36

I'm not sure what I'm doing wrong, but after following the documentation for setting up kubernetes auth with vault, it doesn't seem to work. My steps for setting up vault are as follows: # install ...

Question 37

I've been working on a new project to expand the authentication options for Linux. Overall, the software is functional, but I am encountering unexpected results when groups are accessed through my ...

Question 38

I have been told that enabling auditing on a domain controller imposes too much extra load on a system to enable it in production. I don't know anything about Windows server administration so I cannot ...

Question 39

I hope you are well I have 2 servers set up at home (a raspberry pi with Ubuntu server and a laptop with Ubuntu Desktop) they are configured with password login and I have configured and enabled SSH ...

Question 40

I'm testing Keycloak and wanted to integrate it with OpenShift. I'm following these instructions I got the bit where you configure the client scope and keycloak immediately dies with: Default install,...

Question 41

After many hours attempting to configure OpenDKIM with Postfix and having no luck, I have come to the conclusions that: I cannot get OpenDKIM to work I am not able to find a suitable out-of-the box ...

Question 42

Introduction There is something I don't understand with SSH private key permissions and I'd like some in-depth explanations about the difference in behavior I'm noticing Here is the thing, I am trying ...

Question 43

I have a fresh install of Debian 12.0 that I wanted to authenticate with LDAP following instructions at: https://wiki.debian.org/LDAP/NSS. However, it is not working. The LDAP server is in a different ...

Question 44

I have a Plone site which I'd like to hide from read-only access and instead serve the contents from a static mirror (mainly for performance reasons, of course); most contents rarely change. (How to ...

Question 45

I have apache 2.4.57 on a windows server. I created a new folder that only needs to display files that can be downloaded. In the httpd.conf file, I added this: Alias "/pw_files" "f:\...

Question 46

Windows Hello says "Your PIN is required to sign in. But when users enter their pin it is not accepted.

Question 47

My department is switching to using sssd with ldap for logins on all of our linux hosts. I've got it all working, but there was one issue I was hoping to resolve before continuing testing in our dev ...

Question 48

I have to activate SSL for secure comunications with ldap, I count with Letsencrypt .pem files (chain, fullchain, cert & privkey). I followed the steps of some pages but it didn't had any effect ...

Question 49

We pushed SSID configuration by GPO. Computer configuration > Policies > Security Settings > Wireless Network Policies. In these settings we enabled certificate authentication, however the ...

Question 50

In a small network environment, we have one Windows Server with Domain Controller, DHCP and DNS. When every non-domain Windows client connects to the network, a lot of 4625 logon failure events are ...