Kerberos is a network authentication protocol which is used by FNAL and CERN. Login into the head node. Copy this file to the /etc directory. If the file already exists, backup the original and save this as the new file.
Edit the ssh_config file to use Kerberos tickets by entering the following lines:
[root@grow-prod ~]# vi /etc/ssh/ssh_config
Inside the “Host” section, add the following two lines.
GSSAPIAuthentication yes GSSAPIDelegateCredentials yes
Restart ssh service.
[root@grow-prod ~]# /etc/init.d/sshd restart
Edit these files and add the following lines to give all users commands for FNAL and CERN.
[root@grow-prod ~]# sudo vi /etc/profile.d/krb5-cms.csh [root@grow-prod ~]# sudo vi /etc/profile.d/krb5-cms.sh
# Kerberos alias kinit_fnal='/usr/kerberos/bin/kinit -A -f' alias kinit_cern='/usr/kerberos/bin/kinit -5'
Add the files krb5.conf, ssh_config, krb5-cms.sh, and krb5-cms.csh to Files.mk.
[root@grow-prod ~]# vi /var/411/Files.mk
FILES += /etc/sudoers \
/etc/krb5.conf \
/etc/ssh/ssh_config \
/etc/profile.d/krb5-cms.sh /etc/profile.d/krb5-cms.csh
This Dokuwiki page is maintained by:
Daniel Squires
University of Iowa
Department of Computer Science
Email: daniel-squires@uiowa.edu