Problem with Kerberos authentication
We are trying to implement a centralized Kerberos authentication mechanism for our Linux machines.
The REALM NAME is EXAMPLE.COM
Right now I have two machines:
1. server.example.com -> it runs the krb5kdc (KDC) and kadmind daemons.
2. client1.example.com -> configured to accept logins from Kerberos server.
The Kerberos server is working fine.
I created a principal “bryan” using the kadmin.local script with password abc123.
I tried logging in to client1.example.com using the same. The login failed, citing incorrect username and password.
I created a user named “bryan” on client1.example.com with password Infy123+.
I tried logging in to client1.example.com using the password abc123 set up in Kerberos; this time the login succeeded.
Executing klist showed that there is a valid token issued.
I destroyed the token by using kdestroy.
Now I tried logging in again with user “bryan” but this time with password Infy123+, and the login succeeded this time too.
Executing klist showed that there is NO token issued.
So, as per the requirement, I want to facilitate:
1. Dynamic account creation for a principal, i.e. the user account to be created automatically when the user logs in.
2. Disable login through the local Linux/Unix account
Any help would really be appreciated.