On Thu, Oct 20, 2011 at 3:57 PM, Steven Leikeim <[email protected]> wrote: > On Thu, Oct 20, 2011 at 01:07:45PM -0600, > [email protected] wrote:
>> Which configuration options can be used on SL 5.5, to get Kerberos tickets >> immediately after login? >> > > In System -> Administration -> Authentication, there is a checkbox to enable > Kerberos support for Authentication as well as Configure your Kerberos > settings. Behind the scenes, this tool simply summons the "authconfig" command. Reading up on this command will give you all the power of the GUI, but in a way that is easily scripted and deployed. I strongly urge upgrading to 5.7, for a whole slew of improved integrations involving Kerbers and especially features like NFSv4, and I especially urge upgrading to SL 6.1 to get single-sign-on key handling for OpenSSH, which requires OpenSSH 5.x. > It's been quite a while since we set this up and I can't remember if this was > sufficient or additional manual configuration was required. The important part > of Kerberos getting tickets automatically is in /etc/pam.d/system-auth. Here > we have the following line in the auth section: > > auth sufficient pam_krb5.so use_first_pass > > (There are similar lines in other sections.) > > This works for us here, and has worked with a different (ie non-AD) LDAP > server. The only caveat to this, is that for this to work properly, passwords > must be synchronized between LDAP and AD. > > If you have any other questions on this, please feel free to ask. > > I hope this helps. > > > > > Steven Leikeim > > -- > > Steven Leikeim, GSEC-Gold | We, the willing > Schulich School of Engineering | led by the unknowing > Information Technologies | are doing the impossible > | for the ungrateful. > University of Calgary | We have done so much > Calgary, Alberta | for so long with so little > | we are now qualified > Phone: (403) 220-5373 | to do anything with nothing. >
