Anyone know how to make your Linux box accept Kerberos authentication at login?

I work in a Microsoft shop that uses Active Directory. AD can do Kerberos. I have emerge (I'm on Gentoo) mit_krb5 and pam_krb5. I've configured krb5 so that kinit will authenticate with my domain controller. However, I can't figure out how to go from here to making my box allow logins base on krb5 authentication.

This is my /etc/pam.d/login:

#%PAM-1.0
auth sufficient /lib/security/pam_krb5.so no_user_check
#auth required /lib/security/pam_securetty.so user_first_pass
#auth required /lib/security/pam_stack.so service=system-auth use_first_pass
#auth required /lib/security/pam_nologin.so use_first_pass use_first_pass

session optional /lib/security/pam_krb5.so no_user_check
account sufficient /lib/security/pam_krb5.so no_user_check
password sufficient /lib/security/pam_krb5.so no_user_check

#account required /lib/security/pam_stack.so service=system-auth use_first_pass
#password required /lib/security/pam_stack.so service=system-auth use_first_pass
#session required /lib/security/pam_stack.so service=system-auth use_first_pass


Thanks.

Come on penguins! Someone has to know right!??

Hi,

all hints for Suse9.3 Prof !!

first check your krb5.conf (should be in /etc )
sample :

[libdefaults]
default_realm = DOMAIN.COM
clockskew = 300

[realms]
DOMAIN.COM = {
kdc = XXX.XXX.XXX.XXX # IP Adr of KDC !
}


[logging]
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log
[domain_realm]

[appdefaults]
pam = {
debug = false
user_check = false
ticket_lifetime = 1d
renew_lifetime = 1d
forwardable = true
proxiable = false
retain_after_close = false
minimum_uid = 0
}

after that try : kinit

or check http://www.pro-linux.de/work/server/...3-domaene.html

Good luck !

Werner