Indiana University
University Information Technology Services
  
What are archived documents?

In Red Hat Enterprise Linux 2.x, 3.x, and 4.x, how do I authenticate to the Kerberos realm (IU.EDU)?

Note: Indiana University has signed a site license agreement with Red Hat for use of its Linux distribution. This deal covers the use of Red Hat Enterprise Linux (RHEL) by students, faculty, and staff at IU. For more information on this agreement, see the Research Technologies division's Getting Red Hat Enterprise Linux at IU page.

You can configure your Red Hat Enterprise Linux workstation to authenticate to the Kerberos realm by using the Pluggable Authentication Modules (PAM). The module that allows you to authenticate to the Kerberos 5 realm is pam_krb5.so.

You must have the pam_krb5 package installed to configure your workstation to authenticate to the Kerberos realm. To determine if you have the pam_krb5 package installed, open a terminal window and enter:

rpm -qa | grep pam_krb5

If your system returns pam_krb5-x.xx-x, where x is the version of pam_krb5, the package is installed. If your system does not return anything, use up2date install pam_krb5 to install the package.

You will also need to make sure the krb5-workstation package is installed. To check this, enter:

# rpm -qa|grep krb5-workstation

If your system doesn't find the package, use up2date install krb5-workstation to install it.

After you install needed packages:

  1. Open a terminal window and log in as root. Enter /usr/sbin/authconfig .

  2. Press Tab until you are at the "Next" button, and then press the Spacebar to continue to the following page.

  3. Press Tab until you are at the "Use Kerberos 5" field. Press the Spacebar to select it.

  4. Press Tab until you are at the "Realm:" field. Type IU.EDU and press Tab.

    Note: Be sure to capitalize all letters in IU.EDU.

  5. In the text field next to "KDC:", type kdc-1.iu.edu:88,kdc-2.iu.edu:88,kdc-3.iu.edu:88,kdc-4.iu.edu:88 and press Tab.

  6. In the text field next to "Admin Server:", type kdc-1.iu.edu:749 .

  7. Press Tab until you come to the "OK" button, and then press the Spacebar to save your changes.

The authconfig utility will modify two files: /etc/krb5.conf and /etc/pam.d/system-auth. The /etc/krb5.conf file configures the Kerberos (IU.EDU) realm to use the Kerberos 5 libraries and the /etc/pam.d/system-auth file inserts the pam_krb5.so module into your authentication sequence.

When you attempt to authenticate, PAM will first check the local /etc/passwd file for the correct password. If this check fails, PAM will then perform a check against one of the Kerberos servers. If the Kerberos check is successful, you are allowed to log in.

To log into your workstation, a user must have an existing local account.

For additional information, contact your campus Support Center.

At Indiana University, to get support for personal or departmental Linux or Unix systems, see At IU, how do I get support for Linux or Unix?

This is document akoo in domain all.
Last modified on August 25, 2008.
Please tell us, did you find the answer to your question?