LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 08-24-2005, 01:48 PM   #1
Comatose51
Member
 
Registered: Jan 2003
Location: New Haven, CT
Distribution: RedHat 8.0
Posts: 54

Rep: Reputation: 15
Kerberos Authentication


Anyone know how to make your Linux box accept Kerberos authentication at login?

I work in a Microsoft shop that uses Active Directory. AD can do Kerberos. I have emerge (I'm on Gentoo) mit_krb5 and pam_krb5. I've configured krb5 so that kinit will authenticate with my domain controller. However, I can't figure out how to go from here to making my box allow logins base on krb5 authentication.

This is my /etc/pam.d/login:

#%PAM-1.0
auth sufficient /lib/security/pam_krb5.so no_user_check
#auth required /lib/security/pam_securetty.so user_first_pass
#auth required /lib/security/pam_stack.so service=system-auth use_first_pass
#auth required /lib/security/pam_nologin.so use_first_pass use_first_pass

session optional /lib/security/pam_krb5.so no_user_check
account sufficient /lib/security/pam_krb5.so no_user_check
password sufficient /lib/security/pam_krb5.so no_user_check

#account required /lib/security/pam_stack.so service=system-auth use_first_pass
#password required /lib/security/pam_stack.so service=system-auth use_first_pass
#session required /lib/security/pam_stack.so service=system-auth use_first_pass


Thanks.
 
Old 08-24-2005, 07:21 PM   #2
Comatose51
Member
 
Registered: Jan 2003
Location: New Haven, CT
Distribution: RedHat 8.0
Posts: 54

Original Poster
Rep: Reputation: 15
Come on penguins! Someone has to know right!??
 
Old 08-30-2005, 06:44 AM   #3
stuttgart
LQ Newbie
 
Registered: Aug 2005
Location: Germany
Posts: 2

Rep: Reputation: 0
Check krb5.conf

Hi,

all hints for Suse9.3 Prof !!

first check your krb5.conf (should be in /etc )
sample :

[libdefaults]
default_realm = DOMAIN.COM
clockskew = 300

[realms]
DOMAIN.COM = {
kdc = XXX.XXX.XXX.XXX # IP Adr of KDC !
}


[logging]
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log
[domain_realm]

[appdefaults]
pam = {
debug = false
user_check = false
ticket_lifetime = 1d
renew_lifetime = 1d
forwardable = true
proxiable = false
retain_after_close = false
minimum_uid = 0
}

after that try : kinit

or check http://www.pro-linux.de/work/server/...3-domaene.html

Good luck !

Werner
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Kerberos Authentication cwinter00 Linux - Security 1 06-16-2005 12:56 PM
PAM/Kerberos authentication problem hmartin216 Linux - Security 2 03-11-2005 09:28 PM
Samba Kerberos Authentication SNunweiler Linux - Networking 7 08-25-2004 10:27 AM
Authentication In A Http Request With Kerberos Ephraim Programming 0 08-03-2004 04:13 AM
Authentication via Kerberos grubjo Linux - Security 0 07-30-2004 11:48 AM


All times are GMT -5. The time now is 11:29 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration