====== Kerberos Setup======
Kerberos is a network authentication protocol which is used by FNAL and CERN.
Login into the head node.
Copy this [[http://security.fnal.gov/krb5.conf|file ]]to the /etc directory. If the file already exists, backup the original and save this as the new file.

Edit the ssh_config file to use Kerberos tickets by entering the following lines:
<xterm2 root>
[root@grow-prod ~]# vi /etc/ssh/ssh_config
</xterm2>

Inside the "Host" section, add the following two lines.
<file text /etc/ssh/ssh_config>
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
</file>

Restart ssh service.
<xterm2 root>
[root@grow-prod ~]# /etc/init.d/sshd restart
</xterm2>

Edit these files and add the following lines to give all users commands for FNAL and CERN.
<xterm2 root>
[root@grow-prod ~]# sudo vi /etc/profile.d/krb5-cms.csh
[root@grow-prod ~]# sudo vi /etc/profile.d/krb5-cms.sh
</xterm2>
<file bash /etc/profile.d/krb5-cms.*>
# Kerberos
alias kinit_fnal='/usr/kerberos/bin/kinit -A -f'
alias kinit_cern='/usr/kerberos/bin/kinit -5'
</file>

Add the files  krb5.conf, ssh_config, krb5-cms.sh, and krb5-cms.csh to Files.mk.
<xterm2 root>
[root@grow-prod ~]# vi /var/411/Files.mk
</xterm2>
<file text /var/411/Files.mk>
FILES += /etc/sudoers \
        /etc/krb5.conf \
        /etc/ssh/ssh_config \
        /etc/profile.d/krb5-cms.sh /etc/profile.d/krb5-cms.csh
</file>

====== Notes ======


====== Contact Info ======
This Dokuwiki page is maintained by:\\
Daniel Squires\\
University of Iowa\\
Department of Computer Science\\
Email: <daniel-squires@uiowa.edu>