Kerberos Setup

Kerberos is a network authentication protocol which is used by FNAL and CERN. Login into the head node. Copy this file to the /etc directory. If the file already exists, backup the original and save this as the new file.

Edit the ssh_config file to use Kerberos tickets by entering the following lines:

[root@grow-prod ~]# vi /etc/ssh/ssh_config

Inside the “Host” section, add the following two lines.

/etc/ssh/ssh_config

GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes

Restart ssh service.

[root@grow-prod ~]# /etc/init.d/sshd restart

Edit these files and add the following lines to give all users commands for FNAL and CERN.

[root@grow-prod ~]# sudo vi /etc/profile.d/krb5-cms.csh
[root@grow-prod ~]# sudo vi /etc/profile.d/krb5-cms.sh

/etc/profile.d/krb5-cms.*

# Kerberos
alias kinit_fnal='/usr/kerberos/bin/kinit -A -f'
alias kinit_cern='/usr/kerberos/bin/kinit -5'

Add the files krb5.conf, ssh_config, krb5-cms.sh, and krb5-cms.csh to Files.mk.

[root@grow-prod ~]# vi /var/411/Files.mk

/var/411/Files.mk

FILES += /etc/sudoers \
        /etc/krb5.conf \
        /etc/ssh/ssh_config \
        /etc/profile.d/krb5-cms.sh /etc/profile.d/krb5-cms.csh

Notes

Contact Info

This Dokuwiki page is maintained by:
Daniel Squires
University of Iowa
Department of Computer Science
Email: daniel-squires@uiowa.edu

Table of Contents

Kerberos Setup

Notes

Contact Info