
How do I authenticate against Kerberos?


How do I authenticate against Kerberos?


For Red Hat based systems such as RHEL, CentOS or Scientific Linux:
Rather than modifying files manually, it is much easier and less error-prone to use the Red Hat authconfig-tui tool. It can be invoked from the command line:


# authconfig-tui


The authconfig-tui tool allows you to:

  • set where to get the user information from
  • set where to do the authentication
  • configure your LDAP setup
  • configure your Kerberos setup

So, for example, we choose LDAP for User Information and Kerberos for authentication.

The "tui" in the name is an abbreviation for Text User Interface; the tool uses ncurses.

Then you have to configure your LDAP settings:



The last step is to configure your Kerberos server setup, mainly the Realm, KDC, and Admin Server.


For SLES11SP2:

Rather than modifying files by hand, it is easier and less error-prone to use the YaST tool. From the command line:

# yast

First, choose "Network Services", "Kerberos Client".


Then, specify the Kerberos server configuration, mainly the Domain Name, Realm, and KDC server.


Finally, choose "Advanced Settings..." to enable Kerberos support for OpenSSH and other PAM services.


Kerberos Authentication With The User Portal Web Service

To allow the user portal, https://<head node IP>/userportal, to authenticate against Kerberos, you need to edit /etc/pam.d/php manually and change the following lines:

auth sufficient pam_ldap.so 
account sufficient pam_ldap.so

to

auth sufficient pam_sss.so 
account sufficient pam_sss.so

After that you need to restart the webserver.
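
As an added example (not part of the original answer, and not Bright's own tooling), the manual edit of /etc/pam.d/php can be scripted so that only the auth and account lines change, a backup is kept, and the result is verified. The function names, the .bak suffix and the sample file contents are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Bright's tooling): swap pam_ldap.so for pam_sss.so on the
# auth/account lines of a PAM service file, with a backup and a verification.

# Print how many auth/account lines in FILE ($1) reference MODULE ($2, a regex).
count_pam_module() {
    # grep -c prints 0 but exits 1 when nothing matches; keep only the count.
    grep -Ec "^[[:space:]]*(auth|account)[[:space:]].*$2" "$1" || true
}

# Rewrite FILE ($1) in place. Returns 0 on success, 1 if there was nothing to
# change, 2 on I/O errors, 3 if verification failed (the backup is restored).
switch_pam_ldap_to_sss() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    n=$(count_pam_module "$file" 'pam_ldap\.so')
    [ "$n" -gt 0 ] || { echo "no pam_ldap.so auth/account lines in $file" >&2; return 1; }
    cp -p "$file" "$file.bak" || return 2
    # Writing through the redirect keeps the original owner, mode and inode.
    sed -E '/^[[:space:]]*(auth|account)[[:space:]]/ s/pam_ldap\.so/pam_sss.so/' \
        "$file.bak" > "$file" || return 2
    if [ "$(count_pam_module "$file" 'pam_ldap\.so')" -ne 0 ] ||
       [ "$(count_pam_module "$file" 'pam_sss\.so')" -lt "$n" ]; then
        cp -p "$file.bak" "$file"
        return 3
    fi
    echo "$file: switched $n line(s) to pam_sss.so, backup in $file.bak"
}

# Constructed sample, not the real /etc/pam.d/php: the two lines from the page
# plus a comment and a password line that must stay untouched.
make_sample() {
    printf '%s\n' '# pam_ldap.so was used here' \
        'auth sufficient pam_ldap.so' \
        'account sufficient pam_ldap.so' \
        'password sufficient pam_ldap.so' > "$1"
}

# Demo on a scratch copy; on a head node the argument would be /etc/pam.d/php,
# followed by the web server restart the page calls for.
demo_dir=$(mktemp -d)
make_sample "$demo_dir/php"
switch_pam_ldap_to_sss "$demo_dir/php"
cat "$demo_dir/php"
rm -rf "$demo_dir"
```

A second run on an already converted file returns 1 and leaves it untouched, so the function is safe to call repeatedly.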