Login via Kerberos credentials on Debian
Prev Part V.  Configuring Linux subsystems  Next

Login via Kerberos credentials on Debian

Jurjen Bokma

January 2009

  1. Install the PAM Kerberos module:


      apt-get install libpam-krb5

  2. Configure it in /etc/krb5.conf: 

    [appdefaults]
  forwardable = true
  pam = {
    minimum_uid = 1000
    EXAMPLE.COM = {
      ignore_k5login = true
      }
    }

  3. Configure PAM via /etc/pam.d/common-auth: 

    auth    sufficient  pam_krb5.so minimum_uid=1000 use_first_pass try_pkinit
auth    required        pam_unix.so nullok_secure

    , /etc/pam.d/common-session: 

    session required        pam_krb5.so minimum_uid=1000
session required        pam_unix.so

    /etc/pam.d/common-account: 

    account required        pam_krb5.so minimum_uid=1000
account required        pam_unix.so

    /etc/pam.d/common-password: 

    password   sufficient pam_krb5.so minimum_uid=1000 use_first_pass try_pkinit
password   required   pam_unix.so nullok obscure min=4 max=8 md5 use_first_pass

  4. Try to su:

    su - tuya
    Password:
    tuya@host:~$

    And try to change the password:

    passwd
    Current Kerberos password:
    Enter new Kerberos password:
    Retype new Kerberos password:
    passwd: password updated successfully

Prev Up Next
Getting soundly to work on Ubuntu (KDE version) Home $GENERATE records in BIND9 config