Kerberos

From Q
Revision as of 12:54, 13 May 2013 by Tgurr (talk | contribs)
Jump to navigation Jump to search

Configuration is the same for heimdal or mit-krb5.

File: /etc/krb5.conf
[libdefauls]
    default_realm = YOUR-DOMAIN.LOCAL
    dns_lookup_realm = true
    dns_lookup_kdc = true
    ticket_lifetime = 24h
    renew_lifetime = 7d
    rdns = false
    forwardable = yes

Testing

Query DNS for Kerberos servers.

# host -t srv _kerberos._tcp.yourdomain.local

Get Kerberos ticket for domainuser.

# kinit domainuser@YOURDOMAIN.LOCAL

List cached Kerberos tickets.

# klist
Retrieved from "https://q-old.deltaquadrant.org/index.php?title=Kerberos&oldid=3599"