Linux Kerberos Client Configuration

Kerberized clients are simpler to configure than KDCs or Kerberized application servers. Nonetheless, these tools do require some basic configuration to work. You may even need to track down Kerberized versions of clients for specific protocols, particularly if you want to use tools that aren’t provided with Kerberos. Once everything’s set up, you should know something about the basic Kerberos user management tools, because they control user access to the realm.

Preparing Kerberos Clients

The main requirement for Kerberos client configuration is to set up the Kerberos configuration file, krb5.conf, as described earlier. Note that there’s no need for a [logging] or [kdc] section, and, consequently, no need for a kdc.conf file—even if you’re using MIT Kerberos.


You can mix and match an MIT Kerberos KDC with Heimdal clients, or a Heimdal KDC with MIT Kerberos clients. As described in the section Section 9.5, still other Kerberos implementations can interact with these common Linux Kerberos tools.

Because the Kerberos clients don’t maintain Kerberos databases, you don’t need to use kadmin or kadmin.local to set up local Kerberos databases on the clients. You do, though, need to create principals for your users, as described earlier in this chapter.

Installing Kerberized Clients

Kerberized clients can be classified in two categories: those that ship with the main Kerberos package and third-party tools. The “official” Kerberized clients are those that ...

Get Linux in a Windows World now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.