Lesson 9

Date: 3/31/2010
Kerberos Authentication
Linux for Engineering and IT Applications


NIS/Kerberos Centralized Authentication


  • Kerberos provides strong authentication mechanism, but doesn't store user account data.

  • NIS stores user account data, such as UID, GID, home directory, and login shell, but doesn't contain password hashes for security reasons.

  • Pluggable Authentication Module (PAM) is configurable for services that require authentication, for example, login.



  • If a user provides valid credentials, PAM (pam_krb5) obtains the TGT from KDC, decrypts the Client/TGS session key, caches TGT, and allows the user to login.


  • Take me to the Course Website