This document explains how to configure your SUSE Linux machine to authenticate with Kerberos so that people can log on with their IU Network password.

Starting YaST

YaST stands for "Yet Another System Tool". It is your central control panel for all system-wide configuration changes. Go to your kicker, select System, then YaST. You should be prompted for the root password to your machine.

Once in YaST, select the Network Services tab, and click on the Kerberos Client icon.

Basic Kerberos Configuration

You should be seeing a screen that resembles:

Fill in the fields:

Check the Use Kerberos item
Default Domain should be IU.EDU
Default Realm should be IU.EDU
KDC Server Address should be kdc-1.iu.edu

Press Finish when done. You may be prompted to install some software for Kerberos support if you have not already.

Getting our configuration file.

We have our own Kerberos configuration file which will actually override some of what you entered above. Most importantly, it configures a list of servers to fall back to if the KDC is not available. Type the following:

sudo -s
cd /etc
mv krb5.conf krb5.conf.yast
wget ftp://ftp.chem.indiana.edu/groups/ITG/config/krb5.conf
exit

Testing your Kerberos Configuration

Before you logout and log back in to test Kerberos, you may want to try to grab a valid kerberos ticket first. Run this as your normal user:

/usr/bin/kinit

You will be prompted for your IU password. If it's wrong, you will see "Password incorrect". If it's right, it will be pretty quiet, or give you a renewal notice period.

Reference

http://wiki.chem.indiana.edu/OS/ConfiguringKerberosSupportForIUInSUSELinux

Rights

rw-rw-r--

tstrombe

ITG

Configuring your SUSE installation source to our site

Accessing Windows Networks from SUSE 9.1