Edit the Kerberos client config file
Kerberos clients use the file /etc/krb5.conf on Linux. On Solaris 10 the file is located at /etc/krb5/krb5.conf. Why does the server need that file? Usually you use Kerberos authentication on the server machine too, so you'll need that file. Here is a starting example:
    [libdefaults]
        default_realm = REDFLO.DE

    [realms]
        REDFLO.DE = {
            kdc = kerberos.redflo.de
            admin_server = kerberos.redflo.de
        }

    [logging]
        kdc = FILE:/var/log/krb5kdc.log
        admin_server = FILE:/var/log/kadmin.log
        default = FILE:/var/log/krb5lib.log
What does this mean? The Kerberos config files are structured in the Windows INI-file style. Here we can see three sections.
The first section, libdefaults, contains default values for the Kerberos libraries. These libraries are used by all kerberized programs. There are more than 20 possible settings here, but we start with only default_realm. This saves some typing.
In the realms section we tell the Kerberos client programs where to find the Kerberos server and the Kerberos admin server. Both are on kerberos.redflo.de in our case. Remember to set up your DNS server so that the clients can resolve the machine "kerberos.redflo.de".
The logging section should be self-explanatory. If you run into problems later, always remember to have a look at these files!
All options and all sections of the /etc/krb5.conf file are explained in the krb5.conf manpage or in the Kerberos V5 System Administrators Guide.
Every time we change something, we want to check that it works. At the moment we don't have a Kerberos server running, but we can check that it fails as expected. To get a ticket from the Kerberos server we can use kinit. So type "kinit" and watch the output:
    kinit
    kinit(v5): Cannot contact any KDC for requested realm while getting initial credentials
That just means that kinit cannot contact the Kerberos server. So let's set up the Kerberos server.
If you get
kinit(v5): Cannot resolve network address for KDC in requested realm while getting initial credentials
then you have to set up name resolution (DNS) for your Kerberos server.
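The name-resolution failure above can be checked for directly from the config file. The following Python code is an added example, not part of the original tutorial: it parses the brace-nested krb5.conf layout (which a plain INI parser cannot read), finds the kdc entries for default_realm and reports any KDC host name that does not resolve. The function names and the injectable resolve parameter are assumptions made for this example.

```python
import re
import socket

# Constructed sample: the starting krb5.conf from this page, minus [logging].
SAMPLE = """\
[libdefaults]
    default_realm = REDFLO.DE
[realms]
    REDFLO.DE = {
        kdc = kerberos.redflo.de
        admin_server = kerberos.redflo.de
    }
"""

def parse_krb5_conf(text):
    """Parse [sections] and nested { } blocks; values are lists (kdc may repeat)."""
    conf, stack = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if m := re.fullmatch(r"\[(\w+)\]", line):
            stack = [conf.setdefault(m.group(1), {})]
        elif line == "}" and len(stack) > 1:
            stack.pop()
        elif "=" in line and stack:
            key, value = (s.strip() for s in line.split("=", 1))
            if value == "{":
                stack.append(stack[-1].setdefault(key, {}))
            else:
                stack[-1].setdefault(key, []).append(value)
    return conf

def check_client_config(text, resolve=socket.getaddrinfo):
    """Return the problems found; resolve is injectable so tests need no DNS."""
    conf = parse_krb5_conf(text)
    realm = conf.get("libdefaults", {}).get("default_realm", [None])[0]
    if realm is None:
        return ["no default_realm in [libdefaults]"]
    kdcs = conf.get("realms", {}).get(realm, {}).get("kdc", [])
    if not kdcs:
        return [f"no kdc listed for realm {realm} in [realms]"]
    problems = []
    for kdc in kdcs:
        host = kdc.split(":")[0]  # assumes "host" or "host:port", not an IPv6 literal
        try:
            resolve(host, 88)  # 88 is the standard Kerberos port
        except OSError:
            problems.append(f"cannot resolve KDC host {host}")
    return problems
```

To check a real client, pass the file's contents, for example check_client_config(open("/etc/krb5.conf").read()). An empty list means every configured KDC name resolves, so a remaining "Cannot contact any KDC" error points at the server rather than at DNS.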