Kerberos on Linux

From MetaCentrum

Related topics
Kerberos authentication system

Kerberos is a single sign-on system: once you have authenticated, you don't have to enter your password at every login attempt.

Installation & configuration

1. Install Kerberos via terminal

sudo su # switches to root
aptitude install krb5-user ssh-krb5

Skip the configuration wizard and do not close your terminal.

2. Download the configuration file

scp 'META username'@skirit.ics.muni.cz:/etc/krb5.conf /etc/

3. Configure SSH

Open the /etc/ssh/ssh_config file (or your personal ~/.ssh/config) in any editor and set the GSSAPIDelegateCredentials value to 'yes', together with the other GSSAPI options shown below:

vi /etc/ssh/ssh_config # or ~/.ssh/config
    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials yes
    GSSAPIKeyExchange yes

4. Check if it works

Note: If you cannot log in, try running the command ntpdate tik.cesnet.cz to synchronize your clock; Kerberos authentication fails when the client's clock is too far out of sync.

Run these commands:

kinit 'META username'@META # You will be asked to enter your password
klist

You should get an output similar to this one:

[Image: Kerberos1.png, screenshot of the klist output]
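
Step 3 enables GSSAPIDelegateCredentials, which forwards your Kerberos ticket to every server the setting applies to, so it is worth checking which hosts that covers. The following is an added example, not part of the original MetaCentrum page: a shell function that lists where an ssh client config enables delegation and whether that scope is all hosts. The function and sample names are assumptions, the sample configs are constructed, and the scoped sample uses the skirit.ics.muni.cz host from step 2.

```shell
#!/bin/sh
# Added example, not from the MetaCentrum page.
# Lists each place an ssh client config enables GSSAPIDelegateCredentials and
# labels the scope WIDE (all hosts) or SCOPED (named hosts only).
# It reports directives as written; it does not compute the effective value.

# delegation_scopes [FILE]  (reads stdin when no file is given)
# Output: "<line number> <WIDE|SCOPED> <scope>"
delegation_scopes() {
    awk '
        BEGIN { scope = "(global)"; wide = 1 }  # before any Host line = all hosts
        {
            line = $0
            sub(/\r$/, "", line)
            sub(/=/, " ", line)                 # "Key value" and "Key=value" are both valid
            n = split(line, f, " ")             # split on blanks, trimming both ends
            if (n == 0 || f[1] ~ /^#/) next     # skip blank lines and comments
            key = tolower(f[1])                 # keywords are case-insensitive
            if (key == "host" || key == "match") {
                scope = (key == "match") ? "Match" : ""
                wide = 0
                for (i = 2; i <= n; i++) {
                    scope = scope (scope == "" ? "" : " ") f[i]
                    if (key == "host" && f[i] == "*") wide = 1
                    if (key == "match" && tolower(f[i]) == "all") wide = 1
                }
            } else if (key == "gssapidelegatecredentials" && tolower(f[2]) == "yes") {
                print NR, (wide ? "WIDE" : "SCOPED"), scope
            }
        }
    ' "$@"
}

# Constructed sample 1: the three settings from step 3 under "Host *".
sample_wide() {
    printf '%s\n' 'Host *' '    GSSAPIAuthentication yes' \
        '    GSSAPIDelegateCredentials yes' '    GSSAPIKeyExchange yes'
}

# Constructed sample 2: delegation limited to the host named in step 2.
sample_scoped() {
    printf '%s\n' 'Host skirit.ics.muni.cz' '    GSSAPIAuthentication yes' \
        '    GSSAPIDelegateCredentials=yes' 'Host *' '    GSSAPIDelegateCredentials no'
}

sample_wide   | delegation_scopes   # prints: 3 WIDE *
sample_scoped | delegation_scopes   # prints: 3 SCOPED skirit.ics.muni.cz
```

Run it as delegation_scopes /etc/ssh/ssh_config or delegation_scopes ~/.ssh/config; a WIDE line means the ticket is forwarded to any server you connect to with GSSAPI authentication.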

Usage

Obtaining a ticket:

kinit 'META username'@META # You will be asked to enter your password

Obtaining a renewable ticket (maximum time in MetaCentrum is 7 days):

kinit -r 7d 'META username'@META # You will be asked to enter your password
ssh machine
kinit -R # renews the ticket