Visit Jeremy's Blog.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 08-24-2005, 01:48 PM   #1
Registered: Jan 2003
Location: New Haven, CT
Distribution: RedHat 8.0
Posts: 54

Rep: Reputation: 15
Kerberos Authentication

Anyone know how to make your Linux box accept Kerberos authentication at login?

I work in a Microsoft shop that uses Active Directory. AD can do Kerberos. I have emerge (I'm on Gentoo) mit_krb5 and pam_krb5. I've configured krb5 so that kinit will authenticate with my domain controller. However, I can't figure out how to go from here to making my box allow logins base on krb5 authentication.

This is my /etc/pam.d/login:

auth sufficient /lib/security/ no_user_check
#auth required /lib/security/ user_first_pass
#auth required /lib/security/ service=system-auth use_first_pass
#auth required /lib/security/ use_first_pass use_first_pass

session optional /lib/security/ no_user_check
account sufficient /lib/security/ no_user_check
password sufficient /lib/security/ no_user_check

#account required /lib/security/ service=system-auth use_first_pass
#password required /lib/security/ service=system-auth use_first_pass
#session required /lib/security/ service=system-auth use_first_pass

Old 08-24-2005, 07:21 PM   #2
Registered: Jan 2003
Location: New Haven, CT
Distribution: RedHat 8.0
Posts: 54

Original Poster
Rep: Reputation: 15
Come on penguins! Someone has to know right!??
Old 08-30-2005, 06:44 AM   #3
LQ Newbie
Registered: Aug 2005
Location: Germany
Posts: 2

Rep: Reputation: 0
Check krb5.conf


all hints for Suse9.3 Prof !!

first check your krb5.conf (should be in /etc )
sample :

default_realm = DOMAIN.COM
clockskew = 300

kdc = XXX.XXX.XXX.XXX # IP Adr of KDC !

kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log

pam = {
debug = false
user_check = false
ticket_lifetime = 1d
renew_lifetime = 1d
forwardable = true
proxiable = false
retain_after_close = false
minimum_uid = 0

after that try : kinit

or check

Good luck !



Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Kerberos Authentication cwinter00 Linux - Security 1 06-16-2005 12:56 PM
PAM/Kerberos authentication problem hmartin216 Linux - Security 2 03-11-2005 09:28 PM
Samba Kerberos Authentication SNunweiler Linux - Networking 7 08-25-2004 10:27 AM
Authentication In A Http Request With Kerberos Ephraim Programming 0 08-03-2004 04:13 AM
Authentication via Kerberos grubjo Linux - Security 0 07-30-2004 11:48 AM

All times are GMT -5. The time now is 04:02 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration