Configure Linux to Authenticate Using Kerberos
This article describes how to configure a Linux system to authenticate using Kerberos, with specific reference to the information needed for the RHCE EX300 certification exam.
Remember, the exams are hands-on, so it doesn’t matter which method you use to achieve the result, so long as the end product is correct.
Installation
Regardless of the method used to configure Kerberos authentication, you will need to install the following packages.
# yum install krb5-server pam_krb5 samba samba-common samba-winbind samba-client samba-winbind-clients
system-config-authentication
Start the GUI “Authentication Configuration” dialog from then menu (System > Administration > Authentication) or by running the system-config-authentication command from the command line.
Set the “User Account Database” to “Winbind”. This will alter the screen layout.
Enter the following details:
- Winbind Domain : The first part of your domain, minus the “.com” or “.co.uk” etc.
- Security Model : ads
- Winbind ADS Realm : The fully qualified domain name.
- Winbind Domain Controllers : The Winbind controllers.
- Template Shell : The preferred shell.
Click the “Join Domain…” key and enter the credentials.
Log out and attempt to log in using your AD credentials.
authconfig-tui
The authconfig-tui command provides the command-line equivalent of the system-config-authentication utility. Start the command from the command line as the “root” user.
Tab down to the “Use Winbind” option and select it by pressing the “space bar”. In the same way, select the “Use Winbind Authentication” option and deselect the “Local authorization is sufficient” option. Tab to the “Next” button and hit the “Return” key.
Enter the correct details, as explained in the previous section, and click the “Join Domain” key. Agree to save the configuration and enter the credentials.
Log out and attempt to log in using your AD credentials.
For more information see:
Leave a comment