Michael Hammer/ server config/ Kerberos

Home

About me

Blog

Software

Projects

Science

c++ debian electronics gentoo hardware howto mac privat software

I've allready written a well applicable configuration howto for the server and the client side of the kerberos v5 service. What I'd like to add here is the authentication through kerberos.

We are using pam for this task.

apt-get install libpam-krb5

And now we have to add this to the pam.d configuration files

/etc/pam.d/common-account

account sufficient        pam_unix.so
account sufficient        pam_krb5.so
account required          pam_deny.so

/etc/pam.d/common-auth

auth    sufficient        pam_unix.so nullok_secure
auth    sufficient        pam_krb5.so use_first_pass
auth    required          pam_deny.so

/etc/pam.d/common-password

password  sufficient   pam_unix.so nullok obscure md5
password  sufficient   pam_krb5.so use_first_pass
password  required     pam_deny.so

/etc/pam.d/common-session

session optional pam_unix.so
session optional pam_krb5.so

What we haven't solve yet is the user data like shell, home directory aso. itself. That's done throught LDAP.