How to install and configure Kerberos server in Linux

Home > Search > How-to

Use apt-get or yum to install the Kerberos packages.

[root@server1 ~]# yum install krb5-libs
[root@server1 ~]# yum install krb5-workstation
[root@server1 ~]# yum install krb5-server


Following is an example of the /etc/krb5.conf file. Replace with the domain name of your Domain Controller. In relams, ensure YOUR.DOMAIN.COM is in all caps.

default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

dns_lookup_realm = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
default_realm =
default_ccache_name = KEYRING:persistent:%{uid}

 kdc =
 admin_server =

[domain_realms] = =


You can use the kinit command to test Kerberos. Ensure YOUR.DOMAIN.COM is in all caps. You should be prompted to enter your password to authenticate.

[root@server1 ~]# kinit -v Administrator@YOUR.DOMAIN.COM
Password for **********


Next use the klist command, and information about your Kerberos ticket should be listed.

[root@server1 ~]# klist
Ticket cache: KEYRING:persistent:0:0
Default principal: Administrator@YOUR.DOMAIN.COM

Valid starting         Expires                Service principal
11/06/2016 16:36:28    11/07/2016 02:36:28    krbtgt/YOUR.DOMAIN.COM@YOUR.DOMAIN.COM
    renew until 11/13/2016 16:36:24


If the Linux server has Samba installed, ensure Samba is configured to be integrated with an Active Directory Domain Controller.

Join the Linux machine to the domain. Replace Password with the actual password for the Windows Domain Controller Administrator account. The Linux machine should now be listed in the Computer folder in Active Directory Users and Computers.

[root@server1 ~]# net ads join -U Administrator
Using short domain name -- example
Joined 'VAS' to dns domain ''


Add a Comment

We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.

Please enter in the box below so that we can be sure you are a human.