Enable Linux as a Kerberos client

Well, okay, specifically RedHat.

By far the easiest way to make a machine a Kerberos client is simply to add it to the configs at kickstart time. However, if you need to do it post-install, it can be considerably more challenging.

I have so far only found partial information with Google searches (March 2013). The results claim that to enable a RedHat machine to be a functional Kerberos client, all you have to do is add the following 3 things:

  1. krb5-libs package
  2. krb5-workstation package
  3. /etc/krb5.conf configuration file

and then you'll be happy. Nope. This is way under-documented. For our RedHat 6.3 machines, we ALSO needed to modify the following files:

  1. /etc/sysconfig/authconfig
  2. /etc/pam.d/sshd
  3. /etc/pam.d/system-auth-ac
  4. /etc/pam.d/password-auth-ac

Since these are quick notes, I won't detail the specific changes here, unfortunately. But at least you now know what is involved.
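
A quick audit of the packages and files listed above, as an added example that is not part of the original notes. It assumes "Kerberos enabled" means what authconfig's Kerberos option writes (`USEKERBEROS=yes` and `pam_krb5.so` auth lines); the function names and the sample tree, including the EXAMPLE.COM realm, are constructed for illustration.

```bash
#!/bin/bash
# Added example, not from the original notes. Assumption: "enabled" means what
# authconfig's Kerberos option writes (USEKERBEROS=yes, pam_krb5.so auth lines).

# Audit the files the notes list under an optional root prefix ("" = live
# system). Prints one FAIL line per problem; exit status = number of problems.
krb5_client_audit() {
    local root="${1:-}" fails=0 f p
    fail() { echo "FAIL $*"; fails=$((fails + 1)); }

    # Package check only makes sense on the live system with rpm available.
    if [ -z "$root" ] && command -v rpm >/dev/null 2>&1; then
        for p in krb5-libs krb5-workstation; do
            rpm -q "$p" >/dev/null 2>&1 || fail "package $p not installed"
        done
    fi
    grep -Eq '^[[:space:]]*default_realm[[:space:]]*=' "$root/etc/krb5.conf" 2>/dev/null \
        || fail "/etc/krb5.conf missing or has no default_realm"
    grep -q '^USEKERBEROS=yes' "$root/etc/sysconfig/authconfig" 2>/dev/null \
        || fail "/etc/sysconfig/authconfig lacks USEKERBEROS=yes"
    for f in system-auth-ac password-auth-ac; do
        grep -Eq '^auth[[:space:]].*pam_krb5\.so' "$root/etc/pam.d/$f" 2>/dev/null \
            || fail "/etc/pam.d/$f has no pam_krb5.so auth line"
    done
    # sshd may call pam_krb5 itself or pull in the password-auth stack.
    grep -Eq '^auth[[:space:]].*(pam_krb5\.so|password-auth)' "$root/etc/pam.d/sshd" 2>/dev/null \
        || fail "/etc/pam.d/sshd neither uses pam_krb5.so nor includes password-auth"
    return "$fails"
}

# Build a constructed sample tree to try the audit on (contents are made up).
make_sample_tree() {
    local root="$1" f
    mkdir -p "$root/etc/pam.d" "$root/etc/sysconfig"
    printf '[libdefaults]\n default_realm = EXAMPLE.COM\n' > "$root/etc/krb5.conf"
    echo 'USEKERBEROS=yes' > "$root/etc/sysconfig/authconfig"
    for f in system-auth-ac password-auth-ac; do
        echo 'auth sufficient pam_krb5.so use_first_pass' > "$root/etc/pam.d/$f"
    done
    echo 'auth include password-auth' > "$root/etc/pam.d/sshd"
}
```

Run `krb5_client_audit` with no argument on the machine itself, or pass a directory prefix to check an extracted image or the sample tree.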


phil@bolthole.com