Document Details

Kerberos
Home / Scan #2 / Kerberos
Sad Tux - Windows bias detected
This page contains Windows bias

About This Page

This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
GitHub View on GitHub 📚 View on Microsoft Learn

Bias Analysis

Detected Bias Types
windows_first
windows_tools
powershell_heavy
missing_linux_example
Summary
The documentation demonstrates a Windows bias by prioritizing Windows Active Directory as the only supported KDC, referencing Windows tools and workflows (such as Event Viewer, MMC, and PowerShell) for administration and troubleshooting, and providing detailed steps and examples for Windows environments before (or instead of) Linux equivalents. There is a lack of Linux-specific administrative guidance, troubleshooting steps, and examples, especially for common Kerberos and LDAP operations from Linux clients.
Recommendations
  • Explicitly acknowledge the lack of support for non-Windows KDCs and provide guidance for integrating Linux clients with Windows AD in Kerberos scenarios.
  • Add Linux-focused administrative examples, such as using kinit, klist, ktutil, and editing krb5.conf, for Kerberos troubleshooting and configuration.
  • Include Linux command-line examples for viewing and managing SPNs (e.g., using ldapsearch, msktutil, or adcli), and for mounting NFS shares with Kerberos.
  • Provide troubleshooting steps and log file locations for Kerberos issues on Linux clients (e.g., /var/log/secure, journalctl, etc.), not just references to Windows Event Viewer.
  • When describing workflows or tools (e.g., managing SPNs, viewing tickets), present both Windows and Linux methods side by side, or at least mention Linux alternatives.
  • Clarify that while only Windows AD is supported as a KDC, Linux clients are fully supported for NFS Kerberos, and provide best practices for their configuration.
GitHub Create Pull Request

Scan History

Date Scan Status Result
2026-01-14 00:00 #250 in_progress Biased Biased
2026-01-13 00:00 #246 completed Biased Biased
2026-01-12 00:00 #243 cancelled Biased Biased
2026-01-11 00:00 #240 completed Biased Biased
2026-01-10 00:00 #237 completed Biased Biased
2026-01-09 00:34 #234 completed Biased Biased
2026-01-08 00:53 #231 completed Biased Biased
2026-01-06 18:15 #225 cancelled Clean Clean
2025-09-04 00:00 #101 completed Clean Clean
2025-08-17 00:01 #83 cancelled Clean Clean
2025-07-13 21:37 #48 completed Biased Biased
2025-07-09 13:09 #3 cancelled Clean Clean
2025-07-08 04:23 #2 cancelled Biased Biased

Flagged Code Snippets

Kerberos Realm: CONTOSO.COM
KDC Vendor: Microsoft
KDC IP Address: x.x.x.x 
KDC Port: 88
Clock Skew: 5
Active Directory Server Name: dc1.contoso.com
Active Directory Server IP Address: x.x.x.x
Comment: -
Admin Server IP Address: x.x.x.x
Admin Server Port: 749
Password Server IP Address: x.x.x.x
Password Server Port: 464
Permitted Encryption Types: aes-256
-    Configured by Azure NetApp Files administrator in the portal
-    Automatically configured by the service using Active Directory connection information/system defaults