How to install and configure Kerberos server in Linux


Use apt-get or yum to install the Kerberos packages.

[root@server1 ~]# yum install krb5-libs
[root@server1 ~]# yum install krb5-workstation
[root@server1 ~]# yum install krb5-server

 

The following is an example of the /etc/krb5.conf file. Replace your.domain.com with the domain name of your Domain Controller. Realm names are case-sensitive, so ensure YOUR.DOMAIN.COM is in all caps wherever it names the realm.

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
dns_lookup_realm = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
default_realm = YOUR.DOMAIN.COM
default_ccache_name = KEYRING:persistent:%{uid}

[realms]
YOUR.DOMAIN.COM = {
 kdc = your.domain.com
 admin_server = your.domain.com
}

[domain_realm]
.your.domain.com = YOUR.DOMAIN.COM
your.domain.com = YOUR.DOMAIN.COM
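
The check below is an added example, not part of the original page: a shell function that lints a krb5.conf for the realm-name mistakes this file is prone to (a lower-case default_realm, lower-case realm values, and a misspelled [domain_realm] section). The names check_krb5_conf and sample_conf and the sample input are constructed for illustration.

```shell
# Added example (not from the original page): lint a krb5.conf for realm-name
# mistakes. Prints one line per problem; returns 1 if any were found.
check_krb5_conf() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function bad(msg) { print "krb5.conf: " msg; rc = 1 }
    BEGIN { rc = 0 }
    /^[ \t]*(#|;|$)/ { next }                    # comments and blank lines
    /^[ \t]*\[/ {                                # section header
        sec = trim($0); sub(/^\[/, "", sec); sub(/\].*$/, "", sec)
        if (sec == "domain_realms") bad("[domain_realms] is not read; the section is [domain_realm]")
        next
    }
    {
        eq = index($0, "="); if (eq == 0) next   # e.g. the closing brace
        key = trim(substr($0, 1, eq - 1)); val = trim(substr($0, eq + 1))
        if (sec == "libdefaults" && key == "default_realm") def = val
        else if (sec == "realms" && val == "{") realms[key] = 1
        else if (sec == "domain_realm" && val != toupper(val))
            bad("domain_realm maps " key " to lower-case realm " val)
    }
    END {
        if (def == "") bad("no default_realm in [libdefaults]")
        else if (def != toupper(def)) bad("default_realm " def " is not upper case")
        else if (!(def in realms)) bad("default_realm " def " has no [realms] entry")
        exit rc
    }' "$@"
}

# Constructed sample input with three deliberate mistakes.
sample_conf() {
    cat <<'EOF'
[libdefaults]
default_realm = your.domain.com
[realms]
YOUR.DOMAIN.COM = {
 kdc = your.domain.com
}
[domain_realms]
.your.domain.com = your.domain.com
[domain_realm]
your.domain.com = your.domain.com
EOF
}

sample_conf | check_krb5_conf || true
```

Run it as check_krb5_conf /etc/krb5.conf; no output and exit status 0 mean none of these mistakes were found.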

 

You can use the kinit command to test Kerberos. Ensure YOUR.DOMAIN.COM is in all caps. You should be prompted to enter your password to authenticate.

[root@server1 ~]# kinit -v Administrator@YOUR.DOMAIN.COM
Password for Administrator@your.domain.com: **********

 

Next use the klist command, and information about your Kerberos ticket should be listed.

[root@server1 ~]# klist
Ticket cache: KEYRING:persistent:0:0
Default principal: Administrator@YOUR.DOMAIN.COM

Valid starting         Expires                Service principal
11/06/2016 16:36:28    11/07/2016 02:36:28    krbtgt/YOUR.DOMAIN.COM@YOUR.DOMAIN.COM
    renew until 11/13/2016 16:36:24

 

If the Linux server has Samba installed, ensure Samba is configured to be integrated with an Active Directory Domain Controller.

Join the Linux machine to the domain. When prompted, enter the password for the Windows Domain Controller Administrator account. The Linux machine should then be listed in the Computers folder in Active Directory Users and Computers.

[root@server1 ~]# net ads join -U Administrator
Using short domain name -- example
Joined 'VAS' to dns domain 'your.domain.com'

 


