Lesson 9

Date: 3/30/2011

Kerberos Authentication

Linux for Engineering and IT Applications

Setting Kerberos client

On the desktop, copy /etc/krb5.conf from the server into /etc diredctory.

Install Kerberos libraries

apt-get install  libpam-krb5  libkrb5-3  krb5-user

Syncronize clocks on the server and the desktop with NTP server, 128.6.224.114.

ntpdate -s 128.6.224.114

Check if we can retrieve Kerberos TGT for user mary

kinit mary
kdestroy

Set PAM configuration files in directory /etc/pam.d
Backup the following config files in the directory

   cp common-account common-account-orig
   cp common-auth common-auth-orig

Set new content in the files:
common-account

account sufficient      pam_krb5.so minimum_uid=5000
account	required	pam_unix.so

common-auth

auth    sufficient      pam_krb5.so minimum_uid=5000
auth	requisite	pam_unix.so

Verify that the configuration of /etc/nsswitch.conf is like for NIS, namely, looks as follows:

passwd:         compat
group:          compat
shadow:         compat

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

Try su to become user mary and sam then change password for them by running kpasswd

References:
Understanding PAM

Kerberos ticket exchange for authentication
NIS/Kerberos Centralized Authentication
PAM
Installation (exercise)
Kerberos processes
server configuration (exercise)
Kerberos principals (exercise)
Setting Kerberos client (exercise)
Take me to the Course Website