Configure Active Directory/Kerberos on Ubuntu and Red Hat


Ubuntu 10.04
  • copy /etc/krb5.conf from everest to /etc/
  • sudo apt-get install libpam-krb5
  • sudo pam-auth-update
Ubuntu 8.04
  • Install necessary packages
  $ sudo apt-get install heimdal-clients libpam-heimdal
  • Configure Kerberos with the details of the AD realm and IP addresses in /etc/krb5.conf (copy it from everest)
  • Update the PAM configuration in /etc/pam.d/common-auth to check for Kerberos accounts. Choose whether you want a Kerberos login prompt or a regular prompt first.

  #
  # /etc/pam.d/common-auth - authentication settings common to all services
  #
  # This file is included from other service-specific PAM config files,
  # and should contain a list of the authentication modules that define
  # the central authentication scheme for use on the system
  # (e.g., /etc/shadow, LDAP, Kerberos, etc.).  The default is to use the
  # traditional Unix authentication mechanisms.
  #
  auth    sufficient      pam_krb5.so ccache=/tmp/krb5cc_%u
  auth    sufficient      pam_unix.so likeauth nullok_secure use_first_pass
  auth    required        pam_deny.so
  • To manage the Kerberos tickets, update /etc/pam.d/common-session
  #
  # /etc/pam.d/common-session - session-related modules common to all services
  #
  # This file is included from other service-specific PAM config files,
  # and should contain a list of modules that define tasks to be performed
  # at the start and end of sessions of *any* kind (both interactive and
  # non-interactive).  The default is pam_unix.
  #
  session required        pam_unix.so
  session optional        pam_foreground.so
  session optional        pam_krb5.so minimum_uid=1000
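
Added example (not part of the original page): a shell function that lints an auth stack against the common-auth layout shown above. It checks that pam_krb5.so and pam_unix.so are both present, that whichever comes second reuses the first password, and that the stack ends in required pam_deny.so. The name check_auth_stack and the sample file are constructed for illustration, and the check assumes simple control keywords (sufficient, required) rather than the bracketed [value=action] syntax.

```shell
#!/bin/sh
# check_auth_stack [FILE]: print findings for the auth stack in FILE
# (default /etc/pam.d/common-auth); return 0 if it matches, 1 otherwise.
check_auth_stack() {
    awk '
        $1 != "auth" { next }      # skips comments, blanks and other stacks
        {
            n++; ctl[n] = $2; mod[n] = $3; line[n] = $0
            if ($3 == "pam_krb5.so") krb = n
            if ($3 == "pam_unix.so") ux = n
        }
        END {
            bad = 0
            if (!krb) { print "FAIL: no pam_krb5.so auth line"; bad = 1 }
            if (!ux)  { print "FAIL: no pam_unix.so auth line (no local fallback)"; bad = 1 }
            if (krb && ux) {
                # Either module may come first; the second must reuse the password.
                second = (krb > ux) ? krb : ux
                if (line[second] !~ /(use|try)_first_pass/) {
                    print "FAIL: " mod[second] " lacks use_first_pass (second password prompt)"
                    bad = 1
                }
            }
            if (n == 0 || mod[n] != "pam_deny.so" || ctl[n] != "required") {
                print "FAIL: stack does not end in required pam_deny.so"; bad = 1
            }
            if (!bad) print "OK: auth stack matches the expected layout"
            exit bad
        }
    ' "${1:-/etc/pam.d/common-auth}"
}

# Constructed sample: the stack from this page with use_first_pass removed.
sample=$(mktemp)
printf '%s\n' \
    '# constructed sample, not a real system file' \
    'auth    sufficient      pam_krb5.so ccache=/tmp/krb5cc_%u' \
    'auth    sufficient      pam_unix.so likeauth nullok_secure' \
    'auth    required        pam_deny.so' > "$sample"
check_auth_stack "$sample" || echo "sample stack needs fixing"
rm -f "$sample"
```

Run it against the edited file before logging out, and keep a root shell open until a fresh login succeeds.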

Red Hat Specific

  • rpm -qa | grep pam
  • Make sure you have: pam_krb5-2.2.14-10
  • copy over system-auth from everest (update if necessary)
  • Make sure that the clock is in sync, otherwise auth will fail
  • Add users to wheel group for sudo privilege
  • Use authconfig-tui to configure PAM to use Kerberos
