Linux Kerberos Client Configuration
Kerberized clients are simpler to configure than KDCs or Kerberized application servers. Nonetheless, these tools do require some basic configuration to work. You may even need to track down Kerberized versions of clients for specific protocols, particularly if you want to use tools that aren’t provided with Kerberos. Once everything’s set up, you should know something about the basic Kerberos user management tools, because they control user access to the realm.
Preparing Kerberos Clients
The
main requirement for Kerberos client configuration is to set up the
Kerberos configuration file, krb5.conf, as
described earlier. Note that there’s no need for a
[logging] or [kdc] section,
and, consequently, no need for a kdc.conf
file—even if you’re using MIT Kerberos.
Tip
You can mix and match an MIT Kerberos KDC with Heimdal clients, or a Heimdal KDC with MIT Kerberos clients. As described in the section Section 9.5, still other Kerberos implementations can interact with these common Linux Kerberos tools.
Because the Kerberos clients don’t maintain Kerberos
databases, you don’t need to use
kadmin or kadmin.local to
set up local Kerberos databases on the clients. You do, though, need
to create principals for your users, as described earlier in this
chapter.
Installing Kerberized Clients
Kerberized clients can be classified in two categories: those that ship with the main Kerberos package and third-party tools. The “official” Kerberized clients are those that ...
Get Linux in a Windows World now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
