
Configure A System To Authenticate Using Kerberos

General Information

How to set up a client to authenticate using Kerberos.


Lab Setup

The following virtual machines will be used:

  • server1.example.com (192.168.1.150) → Client for kerberos authentication
  • ipa.example.com (192.168.1.152) → FreeIPA server/kerberos server

Help

Finding help in this section.

  • authconfig help, filter for krb
    authconfig --help | grep krb

Prerequisites

Some items are required before being able to practice this objective.


Package Install

Install the required packages

yum install krb5-workstation pam_krb5

Configure the Kerberos Client

Option 1: Use authconfig to enable kerberos

authconfig --enablekrb5 --krb5kdc=ipa.example.com --krb5realm=EXAMPLE.COM --krb5adminserver=ipa.example.com --update
  • Note: If you get this message: “authconfig: Authentication module /usr/lib64/security/pam_krb5.so is missing. Authentication process might not work correctly.”
    • The “pam_krb5” package is not installed; install it:
      yum install pam_krb5


Option 2: Use authconfig-tui to enable kerberos

  • Open authconfig-tui
    authconfig-tui
  • Authentication Configuration
    • Under Authentication → select “Use Kerberos”, then Next
  • LDAP Settings → Do not change anything, Next
  • Kerberos Settings
    • Realm: EXAMPLE.COM
    • KDC: ipa.example.com
    • Admin Server: ipa.example.com
  • Ok
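
Both options record the realm, KDC and admin server in /etc/krb5.conf. The following is an added example (not part of the original wiki page) that checks that file against the lab values; the function names are hypothetical and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example; function names are hypothetical and the sample file is constructed.

# Print default_realm from the [libdefaults] section.
krb5_default_realm() {   # usage: krb5_default_realm FILE
    awk '
        /^[ \t]*\[/ { in_lib = ($0 ~ /^[ \t]*\[libdefaults\]/); next }
        in_lib && $1 == "default_realm" && $2 == "=" { print $3; exit }
    ' "$1"
}

# Print the value of KEY inside the "REALM = { ... }" block of [realms].
krb5_realm_value() {     # usage: krb5_realm_value FILE REALM KEY
    awk -v realm="$2" -v key="$3" '
        /^[ \t]*\[/ { in_realms = ($0 ~ /^[ \t]*\[realms\]/); in_block = 0; next }
        in_realms && $1 == realm && $2 == "=" && $3 == "{" { in_block = 1; next }
        in_block && index($0, "}") { in_block = 0; next }
        in_block && $1 == key && $2 == "=" { print $3; exit }
    ' "$1"
}

# Return 0 only if realm, KDC and admin server all match.
# Realm names are case-sensitive, so "example.com" does not match "EXAMPLE.COM".
krb5_check() {           # usage: krb5_check FILE REALM KDC ADMIN_SERVER
    rc=0
    [ "$(krb5_default_realm "$1")" = "$2" ] || { echo "default_realm is not $2" >&2; rc=1; }
    [ "$(krb5_realm_value "$1" "$2" kdc)" = "$3" ] || { echo "kdc for $2 is not $3" >&2; rc=1; }
    [ "$(krb5_realm_value "$1" "$2" admin_server)" = "$4" ] || { echo "admin_server for $2 is not $4" >&2; rc=1; }
    return "$rc"
}

# Constructed sample of the settings the lab values should produce
# (assumption: a real /etc/krb5.conf carries more options than shown here).
krb5_sample_conf() {
    cat <<'EOF'
[libdefaults]
 default_realm = EXAMPLE.COM

[realms]
 EXAMPLE.COM = {
  kdc = ipa.example.com
  admin_server = ipa.example.com
 }
EOF
}

# On the lab client:
#   krb5_check /etc/krb5.conf EXAMPLE.COM ipa.example.com ipa.example.com
```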

The kerberos server (KDC) must have an entry for the client host.

A kerberos client keytab (containing client host identification) will probably be provided in the exam.

For lab purposes, you may need to add the client and generate a keytab.

See here for more details.


Test The Client

  • Log in as an LDAP user
    su - robert
  • Get a kerberos ticket
    kinit robert
  • View ticket
    klist
  • SSH to another system
    ssh ipa.example.com
    • You should not be prompted for a password, because a Kerberos ticket has already been initialized

  • Last modified: 2019/05/25 23:50