Penguin

This page describes how to install and configure Kerberos on a Linux box so that it can authenticate against a Windows 2000 or 2003 Active Directory domain controller, which acts as the KDC.

Required Software (Debian)

  • libkrb5
  • krb5-user
  • krb5-config

Configuring Kerberos

This one was tricky and took a bit of fiddling to get right, but here goes. Two things to watch for: the [logging] section points at /var/log/krb5/, which does not exist by default, so create it (mkdir /var/log/krb5) or the libraries will silently fail to log; and realm names are case-sensitive, so the realm must be written in uppercase everywhere (THINCLIENT.TEST.ORG, not thinclient.test.org) or the thing won't work. DNS names, on the other hand, stay lowercase.

Use the following config file (it works on Debian and Red Hat at least). Be sure to use the same capitalisation. The [kdc] section only matters if you also run a local KDC, and the [pam] section is read by pam_krb5, not by the libraries, so neither affects a plain kinit against AD. Note also that the encryption types below are single DES, which is what Windows 2000/2003 negotiated with MIT Kerberos at the time: DES is cryptographically broken, MIT krb5 1.8 and later refuse to use it unless allow_weak_crypto = true is set, and current Windows domains disable it by default, so against anything newer than 2003 replace the des-* types with aes256-cts-hmac-sha1-96 and aes128-cts-hmac-sha1-96.

/etc/krb5.conf

    [logging]
        default = FILE:/var/log/krb5/libs.log
        kdc = FILE:/var/log/krb5/kdc.log
        admin_server = FILE:/var/log/krb5/admin.log

    [libdefaults]
        ticket_lifetime = 24000
        default_realm = THINCLIENT.TEST.ORG
        default_tgs_enctypes = des-cbc-crc des-cbc-md5
        default_tkt_enctypes = des-cbc-crc des-cbc-md5
        forwardable = true
        proxiable = true
        dns_lookup_realm = true
        dns_lookup_kdc = true

    [realms]
        THINCLIENT.TEST.ORG = {
            kdc = test1.thinclient.test.org:88
            default_domain = thinclient.test.org
        }

    [domain_realm]
        .thinclient.test.org = THINCLIENT.TEST.ORG
        thinclient.test.org = THINCLIENT.TEST.ORG

    [kdc]
        profile = /var/kerberos/krb5kdc/kdc.conf

    [pam]
        debug = false
        ticket_lifetime = 36000
        renew_lifetime = 36000
        forwardable = true
        krb4_convert = false

The second part of setting up the Kerberos section is to make sure that the kerberos service (port 88, TCP and UDP) is defined in /etc/services. Most distributions ship it already; it should contain lines along the following lines.

    kerberos        88/tcp    kdc kerberos5 krb5    # Kerberos v5
    kerberos        88/udp    kdc kerberos5 krb5    # Kerberos v5

Testing the kerberos configuration

You can use kinit to test your Kerberos setup by requesting a ticket-granting ticket from the KDC (the domain controller):

    kinit Administrator@THINCLIENT.TEST.ORG

This prompts you for the password and prints nothing on success. Run klist afterwards to confirm that you hold a krbtgt/THINCLIENT.TEST.ORG@THINCLIENT.TEST.ORG ticket and to see its expiry. If instead you get the error "KDC has no support for encryption type" (often quoted loosely as "KDC does not support encryption scheme"), the account has no key for the encryption types you configured: Active Directory derives an account's keys from its password at the time the password is set, so an account whose DES support was enabled afterwards ("Use DES encryption types for this account" in Active Directory Users and Computers) has no DES key yet. The fix is to re-set that user's password in the user manager; setting it to the same password is enough to generate the missing keys.
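Before handing a krb5.conf to kinit it is worth checking the two things this page warns about, realm capitalisation and the encryption types, mechanically. The script below is an added example and not part of the original page: it writes a constructed copy of the configuration above to a temporary file, extracts the default realm, verifies that it is uppercase, lists any single-DES or RC4 enctypes, writes a hardened copy that uses the AES types instead, and prints the kinit invocation to run against it via KRB5_CONFIG. The file layout, the helper names and the use of mktemp, sed, grep and awk-free POSIX shell are assumptions of this example; it does not contact a KDC.

```shell
#!/bin/sh
# Added example, not from the original page: sanity-check a krb5.conf before kinit.
# Assumes POSIX sh with grep, sed, tr, sort and mktemp (GNU or BSD).

# Constructed sample config mirroring the page, DES enctypes included on purpose.
write_sample_conf() {
    cat > "$1" <<'EOF'
[libdefaults]
    default_realm = THINCLIENT.TEST.ORG
    default_tgs_enctypes = des-cbc-crc des-cbc-md5
    default_tkt_enctypes = des-cbc-crc des-cbc-md5
    dns_lookup_kdc = true

[realms]
    THINCLIENT.TEST.ORG = {
        kdc = test1.thinclient.test.org:88
        default_domain = thinclient.test.org
    }

[domain_realm]
    .thinclient.test.org = THINCLIENT.TEST.ORG
EOF
}

# Print the first default_realm value found in the file.
default_realm() {
    sed -n 's/^[[:space:]]*default_realm[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' "$1" | head -n 1
}

# Exit 0 if the default realm is present and entirely uppercase, 1 otherwise.
realm_is_uppercase() {
    realm=$(default_realm "$1")
    [ -n "$realm" ] && [ "$realm" = "$(printf '%s' "$realm" | tr '[:lower:]' '[:upper:]')" ]
}

# List weak enctypes (single DES, RC4) named on any *_enctypes line, one per line.
weak_enctypes() {
    grep -i '_enctypes[[:space:]]*=' "$1" \
        | sed 's/^[^=]*=//' \
        | tr ' \t' '\n\n' \
        | grep -Ei '^(des-|arcfour-|rc4-)' \
        | sort -u
}

# Write a copy of $1 to $2 with the tgs/tkt enctype lines replaced by the AES types.
harden_enctypes() {
    sed -E 's/^([[:space:]]*default_(tgs|tkt)_enctypes[[:space:]]*=).*/\1 aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96/' "$1" > "$2"
}

main() {
    conf=$(mktemp) || return 1
    write_sample_conf "$conf"
    realm=$(default_realm "$conf")
    printf 'default_realm: %s\n' "$realm"
    if realm_is_uppercase "$conf"; then
        echo "realm capitalisation: ok"
    else
        echo "realm must be uppercase; AD will not match $realm"
    fi
    weak=$(weak_enctypes "$conf")
    if [ -n "$weak" ]; then
        printf 'weak enctypes configured:\n%s\n' "$weak"
        harden_enctypes "$conf" "$conf.aes"
        echo "hardened copy written to $conf.aes"
        echo "test with: KRB5_CONFIG=$conf.aes kinit Administrator@$realm && klist"
    else
        echo "test with: KRB5_CONFIG=$conf kinit Administrator@$realm && klist"
    fi
    rm -f "$conf" "$conf.aes"
}

main
```

Keeping the DES-only file as it is and pointing KRB5_CONFIG at the hardened copy lets you compare the two kinit results side by side: the DES copy reproduces the "no support for encryption type" failure against a domain with DES disabled, the AES copy succeeds once the account has AES keys.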