Kerberos setup on non-facilitized linux systems
- Get a kerberos host key (contact SCS help for this)
- Need key string (in hex)
- Need key number (kvno)
- remctl kerberos ak7 key <FQDN>
- Get the baseline kerberos configuration
- wget http://www.cs.cmu.edu/~ewalter/kerberos/krb5.conf
- cp krb5.conf /etc/krb5.conf
- Use your host key to install a keytab
- run ktutil and create your keytab
- ktutil: addent -key -p host/<FQDN>@<KERBEROS REALM> -k <kvno> -e des
- enter the key string (in hex) without any spaces
- write out the keytab to disk
- ktutil: wkt /etc/krb5.keytab
- Give root access to your kerberos principal
- create /root/.k5login
- add user/root@<KERBEROS REALM> to .k5login
- Test logging in with primary kerberos prinicipal
- Test logging in with kerberos root principal