
ID #1007

How do I authenticate against Kerberos?




For Red Hat based systems such as RHEL, CentOS or Scientific Linux:
Rather than modifying files manually, it is much easier and less error-prone to use the Red Hat authconfig-tui tool. It can be invoked from the command line:


# authconfig-tui


The authconfig-tui tool allows you to:

  • set where to get the user information from
  • set where to do the authentication.
  • configure your LDAP setup
  • configure your Kerberos setup

For example, we choose LDAP for User Information and Kerberos for Authentication.

tui is an abbreviation for Text User Interface; the tool uses ncurses.

Then you have to configure your LDAP settings.


The last step is to configure your Kerberos server setup, mainly the Realm, KDC and Admin Server.

For SLES11SP2:

Rather than modifying files by hand, it is easier and less error-prone to use the YaST tool. From the command line:

# yast

First, choose "Network Services", "Kerberos Client".

Then specify the Kerberos server configuration, mainly the Domain Name, Realm and KDC server.

Finally, choose "Advanced Settings..." to enable Kerberos support for OpenSSH and other PAM services.

Kerberos Authentication With The User Portal Web Service

To allow the user portal, https://<head node IP>/userportal, to authenticate against Kerberos, edit /etc/pam.d/php manually and change the following lines:

auth sufficient pam_ldap.so 
account sufficient pam_ldap.so

to

auth sufficient pam_sss.so 
account sufficient pam_sss.so

After that you need to restart the webserver.
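
The edit above, scripted so that it can be repeated and checked (an added example, not part of the original FAQ): it rewrites only active auth and account lines, keeps a one-time backup, and verifies the result. The function names and the sample file are constructed for illustration, and it assumes SSSD is already configured for the Kerberos realm, since pam_sss.so is the SSSD PAM module.

```shell
#!/bin/sh
# Added example, not part of the original FAQ.

# Rewrite active auth/account lines from pam_ldap.so to pam_sss.so.
switch_pam_ldap_to_sss() {
    pam_file=$1
    [ -f "$pam_file" ] || { echo "no such file: $pam_file" >&2; return 2; }
    # One-time backup so the change can be reverted.
    [ -e "$pam_file.orig" ] || cp -p "$pam_file" "$pam_file.orig" || return 1
    tmp=$(mktemp) || return 1
    # Field 1 (stack type) and field 3 (module) decide; comments,
    # password/session stacks and other modules pass through unchanged.
    awk '$1 ~ /^(auth|account)$/ && $3 ~ /pam_ldap\.so$/ { sub(/pam_ldap\.so/, "pam_sss.so") }
         { print }' "$pam_file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Write back into the existing file so owner and mode are kept.
    cat "$tmp" > "$pam_file"; rc=$?
    rm -f "$tmp"
    return $rc
}

# Succeed only if auth and account both use pam_sss.so and no active
# auth/account line still references pam_ldap.so.
pam_uses_sss() {
    awk '$1 ~ /^(auth|account)$/ && $3 ~ /pam_ldap\.so$/ { ldap = 1 }
         $1 == "auth"    && $3 ~ /pam_sss\.so$/ { a = 1 }
         $1 == "account" && $3 ~ /pam_sss\.so$/ { c = 1 }
         END { exit !(a && c && !ldap) }' "$1"
}

# Constructed sample standing in for /etc/pam.d/php (not the real file).
write_sample_pam() {
    cat > "$1" <<'EOF'
#%PAM-1.0
# auth sufficient pam_ldap.so   (commented out, must stay as is)
auth sufficient pam_ldap.so
auth required pam_unix.so
account sufficient pam_ldap.so
account required pam_unix.so
password sufficient pam_ldap.so
EOF
}

# Demo on a scratch copy; on a head node the argument would be /etc/pam.d/php.
demo_dir=$(mktemp -d)
write_sample_pam "$demo_dir/php"
switch_pam_ldap_to_sss "$demo_dir/php" && pam_uses_sss "$demo_dir/php" && cat "$demo_dir/php"
rm -rf "$demo_dir"
```

Running the switch a second time changes nothing, and the untouched original stays in the .orig copy next to the file.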
