YaST/Modules/Kerberos Client

From openSUSE

Kerberos Client setup and configuration

If you want to configure the Kerberos client, you most likely have a Windows network with Linux hosts: the Kerberos client is what lets a Linux machine authenticate users against Active Directory.

This means you can use the same account name and password to log on to your Linux and Windows machines, and network administrators can log on to the Linux machine with their domain administrator credentials, so the Linux machine becomes part of the Windows-based network. It is also possible to extend Active Directory so that home directories are managed there as well.

The Kerberos Client option in YaST configures authentication against Active Directory, whose domain authentication is based on Kerberos.

1. In YaST, open Network Services and click Kerberos Client. The Kerberos client configuration dialog appears.

2. Enter your Active Directory domain name in lowercase in the Default Domain field (mydomain.local) and the same name in uppercase in the Default Realm field (MYDOMAIN.LOCAL). Kerberos realm names are case-sensitive, and an Active Directory realm is always the domain name in uppercase. In the KDC Server Address field, enter the fully qualified domain name of one of your domain controllers, for example dc.mydomain.local; every Active Directory domain controller runs a KDC. Click OK to finish.

YaST writes these settings to /etc/krb5.conf. Note the clockskew setting: the KDC rejects requests when the client's clock differs from its own by more than this many seconds (300, the Kerberos default), so keep the Linux host's time synchronized with the domain controllers, e.g. with NTP.

   [libdefaults]
                clockskew = 300
                default_realm = MYDOMAIN.LOCAL
   [realms]
   MYDOMAIN.LOCAL = {
                kdc = dc.mydomain.local
                default_domain = mydomain.local
                kpasswd_server = dc.mydomain.local
   }
   [domain_realm]
   .mydomain.local = MYDOMAIN.LOCAL
   mydomain.local = MYDOMAIN.LOCAL

YaST also edits pam_unix2.conf.

Programs that authenticate through PAM (those with a service file in /etc/pam.d) then authenticate against Kerberos as well, with the same account name and password, so they do not need a separate login.

pam_unix2.conf is located in /etc/security/. The following lines are modified:

   auth: use_krb5
   account: use_krb5
   password: use_krb5
   session: none

3. kinit is used to test authentication. Open a shell and run kinit with your Active Directory user name:

   kinit myusername
   myusername@MYDOMAIN.LOCAL's Password:

You are prompted for your Windows/Active Directory password.

If everything is OK, kinit returns to the prompt without further output; run klist to see the ticket-granting ticket it obtained. An error saying the KDC for the realm cannot be found usually means the realm name in the [realms] block of /etc/krb5.conf does not match default_realm or the KDC name does not resolve; an error about clock skew means the host's time is out of sync with the domain controller.
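kinit's error messages are terse, so it pays to check the file YaST wrote before testing. The script below is an added example, not part of YaST or openSUSE: it parses a krb5.conf in the "key = value" layout YaST produces (it does not handle includes or key=value without spaces) and checks that default_realm is upper-case and has its own [realms] block, that every realm block names a kdc, and that every [domain_realm] key is a lower-case DNS name mapped to a defined realm. The sample configuration inside it is constructed for the demonstration and reproduces a common mistake: a [realms] block named MYDOMAIN.COM while default_realm is MYDOMAIN.LOCAL, plus an upper-case domain_realm key.

```shell
#!/bin/sh
# Consistency check for a krb5.conf of the shape YaST writes. Added example,
# not YaST code; it assumes YaST's "key = value" layout (spaces around "=")
# and ignores includes. Usage: sh check_krb5.sh /etc/krb5.conf

# krb5_get FILE SECTION KEY: value of KEY in [SECTION] (first match).
krb5_get() {
    awk -v sec="[$2]" -v key="$3" '
        /^[[:space:]]*\[/ { in_sec = ($1 == sec); next }
        in_sec && $1 == key && $2 == "=" { print $3; exit }' "$1"
}

# krb5_realms FILE: every realm that has a "REALM = {" block in [realms].
krb5_realms() {
    awk '/^[[:space:]]*\[/ { in_sec = ($1 == "[realms]"); next }
         in_sec && $2 == "=" && $3 == "{" { print $1 }' "$1"
}

# krb5_realm_kdcs FILE REALM: the kdc entries inside REALM's block.
krb5_realm_kdcs() {
    awk -v realm="$2" '
        /^[[:space:]]*\[/ { in_sec = ($1 == "[realms]"); in_blk = 0; next }
        in_sec && $1 == realm && $3 == "{" { in_blk = 1; next }
        in_blk && $1 == "}" { in_blk = 0 }
        in_blk && $1 == "kdc" && $2 == "=" { print $3 }' "$1"
}

# krb5_domain_map FILE: "domain realm" pairs from [domain_realm].
krb5_domain_map() {
    awk '/^[[:space:]]*\[/ { in_sec = ($1 == "[domain_realm]"); next }
         in_sec && $2 == "=" { print $1, $3 }' "$1"
}

# check_krb5_conf FILE: returns 0 when consistent, 1 with one message per
# problem. A mismatch here shows up later only as kinit failing to find a
# KDC for the realm.
check_krb5_conf() {
    conf=$1 rc=0
    default_realm=$(krb5_get "$conf" libdefaults default_realm)
    realms=$(krb5_realms "$conf")
    [ -n "$default_realm" ] ||
        { echo "ERROR: no default_realm in [libdefaults]"; return 1; }
    # Realm names are case-sensitive; an AD realm is the domain in upper case.
    [ "$default_realm" = "$(printf %s "$default_realm" | tr '[:lower:]' '[:upper:]')" ] ||
        { echo "ERROR: default_realm $default_realm is not upper-case"; rc=1; }
    # The default realm needs its own [realms] block ...
    printf '%s\n' "$realms" | grep -qxF -- "$default_realm" ||
        { echo "ERROR: no [realms] block for default_realm $default_realm"; rc=1; }
    # ... and every realm block needs a kdc to talk to.
    for r in $realms; do
        [ -n "$(krb5_realm_kdcs "$conf" "$r")" ] ||
            { echo "ERROR: realm $r has no kdc entry"; rc=1; }
    done
    # [domain_realm] keys are DNS names: lower-case (MIT krb5 lower-cases the
    # host name before the lookup) and mapped to a realm that is defined.
    while read -r dom realm; do
        [ -n "$dom" ] || continue
        [ "$dom" = "$(printf %s "$dom" | tr '[:upper:]' '[:lower:]')" ] ||
            { echo "ERROR: domain_realm key $dom is not lower-case"; rc=1; }
        printf '%s\n' "$realms" | grep -qxF -- "$realm" ||
            { echo "ERROR: $dom maps to undefined realm $realm"; rc=1; }
    done <<EOF
$(krb5_domain_map "$conf")
EOF
    return $rc
}

# Constructed sample (not a real site): the [realms] block is named
# MYDOMAIN.COM although default_realm is MYDOMAIN.LOCAL, and the
# [domain_realm] key is upper-case. sample_good_conf applies the two fixes.
sample_bad_conf() {
    cat <<'EOF'
[libdefaults]
    clockskew = 300
    default_realm = MYDOMAIN.LOCAL
[realms]
MYDOMAIN.COM = {
    kdc = dc.mydomain.local
    default_domain = mydomain.local
    kpasswd_server = dc.mydomain.local
}
[domain_realm]
.MYDOMAIN.LOCAL = MYDOMAIN.LOCAL
EOF
}
sample_good_conf() {
    sample_bad_conf | sed -e 's/^MYDOMAIN\.COM = {/MYDOMAIN.LOCAL = {/' \
                          -e 's/^\.MYDOMAIN\.LOCAL/.mydomain.local/'
}

[ $# -eq 0 ] || check_krb5_conf "$1"
```

Run it as `sh check_krb5.sh /etc/krb5.conf` after YaST has written the file; on the constructed bad sample it reports three problems (no [realms] block for the default realm, an upper-case domain_realm key, and a mapping to an undefined realm), and on the corrected sample it is silent and exits 0. It only checks the file's internal consistency; whether dc.mydomain.local actually resolves and answers is what the kinit step above tests.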