We are trying to implement a centralized Kerberos authentication mechanism for our Linux machines.

The REALM NAME is EXAMPLE.COM

Right now I have two machines:
1. server.example.com -> it runs the krb5kdc (KDC) and kadmind daemons.
2. client1.example.com -> configured to accept logins from Kerberos server.

The Kerberos server is working fine.

I created a principal “bryan” using kadmin.local script with password abc123
I tried logging in to client1.example.com using the same. the login failed citing incorrect username and password.

I created a user named “bryan” on client1.example.com with password Infy123+.
I tried logging in to client1.example.com using the password abc123 setup in Kerberos, this time the login succeeded
executing klist showed that there is a valid token issued.
I destroyed the token by using kdestroy

Now I tried logging in again with user “bryan” but this time with password Infy123+ and the login succeeded this time too.
executing klist showed that there is NO token issued

So , as per the requirement, I want to facilitate:
1. dynamic account creation for a principal i.e. the user account to be created automatically when the user logs in.
2. Disable login through the local Linux/Unix account


Any help would really be appreciated.