Document Details

Kerberos
Home / Scan 2 / Kerberos
This page contains Windows bias

About This Page

This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
GitHub View on GitHub 📚 View on Microsoft Learn

Bias Analysis

Bias Types:
⚠️ windows_first
⚠️ windows_tools
⚠️ powershell_heavy
⚠️ missing_linux_example
Summary:
The documentation demonstrates a Windows bias by prioritizing Windows Active Directory as the only supported KDC, referencing Windows tools and workflows (such as Event Viewer, MMC, and PowerShell) for administration and troubleshooting, and providing detailed steps and examples for Windows environments before (or instead of) Linux equivalents. There is a lack of Linux-specific administrative guidance, troubleshooting steps, and examples, especially for common Kerberos and LDAP operations from Linux clients.
Recommendations:
  • Explicitly acknowledge the lack of support for non-Windows KDCs and provide guidance for integrating Linux clients with Windows AD in Kerberos scenarios.
  • Add Linux-focused administrative examples, such as using kinit, klist, ktutil, and editing krb5.conf, for Kerberos troubleshooting and configuration.
  • Include Linux command-line examples for viewing and managing SPNs (e.g., using ldapsearch, msktutil, or adcli), and for mounting NFS shares with Kerberos.
  • Provide troubleshooting steps and log file locations for Kerberos issues on Linux clients (e.g., /var/log/secure, journalctl, etc.), not just references to Windows Event Viewer.
  • When describing workflows or tools (e.g., managing SPNs, viewing tickets), present both Windows and Linux methods side by side, or at least mention Linux alternatives.
  • Clarify that while only Windows AD is supported as a KDC, Linux clients are fully supported for NFS Kerberos, and provide best practices for their configuration.
GitHub Create pull request

Scan History

Date Scan ID Status Bias Status
2025-09-04 00:00 #101 completed ✅ Clean
2025-08-17 00:01 #83 in_progress ✅ Clean
2025-07-13 21:37 #48 completed ❌ Biased
2025-07-09 13:09 #3 cancelled ✅ Clean
2025-07-08 04:23 #2 cancelled ❌ Biased

Flagged Code Snippets

Kerberos Realm: CONTOSO.COM KDC Vendor: Microsoft KDC IP Address: x.x.x.x KDC Port: 88 Clock Skew: 5 Active Directory Server Name: dc1.contoso.com Active Directory Server IP Address: x.x.x.x Comment: - Admin Server IP Address: x.x.x.x Admin Server Port: 749 Password Server IP Address: x.x.x.x Password Server Port: 464 Permitted Encryption Types: aes-256 - Configured by Azure NetApp Files administrator in the portal - Automatically configured by the service using Active Directory connection information/system defaults