Comprehensive data protection for all workloads
Post Reply
shayani
Lurker
Posts: 2
Liked: never
Joined: Apr 09, 2018 8:35 am
Full Name: Shayani
Contact:

Feature request: Kerberos only authentication

Post by shayani » Apr 09, 2018 9:24 am

I have discussed with Veeam support and apparently there is no way to use only Kerberos authentication with Veeam. Therefore, if you're planning to have a NTLM free environment, Veeam would be out of the equation. The following services do not seem to work in Kerberos:
  • 1) File indexing
    2) File restoration
I'm starting this thread to request for the feature to be in the next release of Veeam B&R. It is high time for Veeam to catch up with the latest Enterprise security standards.

Vitaliy S.
Product Manager
Posts: 22557
Liked: 1480 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: Feature request: Kerberos only authentication

Post by Vitaliy S. » Apr 09, 2018 3:28 pm 1 person likes this post

Hello Shayani,

This functionality is in our high priority feature list. Based on your scenario you would need to have this type of authentication available for guest processing services (application aware processing), right?

Thank you for the FR.

shayani
Lurker
Posts: 2
Liked: never
Joined: Apr 09, 2018 8:35 am
Full Name: Shayani
Contact:

Re: Feature request: Kerberos only authentication

Post by shayani » Apr 11, 2018 2:06 pm

Yes. Thanks for your reply. And please post any updates.

dsegel
Influencer
Posts: 18
Liked: never
Joined: Aug 09, 2017 3:51 pm
Full Name: Daniel Segel
Contact:

Re: Feature request: Kerberos only authentication

Post by dsegel » Apr 17, 2019 2:42 pm

Any updates on if/when NTLM will be going away as a requirement in Veeam? My security admin is pushing to disable it everywhere.

We're running Hyper-V if it matters.

Gostev
SVP, Product Management
Posts: 24217
Liked: 3311 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland
Contact:

Re: Feature request: Kerberos only authentication

Post by Gostev » Apr 17, 2019 2:48 pm

Support for Kerberos-only authentication for guest connections was added in Update 4, see What's New for more details.

dsegel
Influencer
Posts: 18
Liked: never
Joined: Aug 09, 2017 3:51 pm
Full Name: Daniel Segel
Contact:

Re: Feature request: Kerberos only authentication

Post by dsegel » Apr 17, 2019 2:52 pm

Unless I'm reading it wrong, it says that's for vSphere only. As I said, we're running Hyper-V.

Gostev
SVP, Product Management
Posts: 24217
Liked: 3311 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland
Contact:

Re: Feature request: Kerberos only authentication

Post by Gostev » Apr 17, 2019 3:16 pm

Ah, sorry. Moved to the correct forum and asked for clarification why it says vSphere only, since guest processing is not hypervisor-specific logic AFAIK.

Gostev
SVP, Product Management
Posts: 24217
Liked: 3311 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland
Contact:

Re: Feature request: Kerberos only authentication

Post by Gostev » Apr 17, 2019 4:02 pm

Apparently, unlike VMware, Hyper-V does not return FQDN of the guest - while Kerberos authentication is impossible without FQDN.

dsegel
Influencer
Posts: 18
Liked: never
Joined: Aug 09, 2017 3:51 pm
Full Name: Daniel Segel
Contact:

Re: Feature request: Kerberos only authentication

Post by dsegel » Apr 19, 2019 4:27 pm

Yup, I just discovered this myself when all the backups on our test system failed last night.

Veeam can't even connect to the host server, nevermind the guest VMs.

Any ideas for workarounds or other possibilities for ditching NTLM for Hyper-V in the future?

Thanks.

Post Reply

Who is online

Users browsing this forum: No registered users and 43 guests