System Configuration and Management — Configure system to authenticate using Kerberos

This is a new objective to RHEL6, previously the objective was to setup NIS. Apparently they realized that nobody uses NIS any more and updated the requirements.
Personally, I have been using a tool called Likewise Open (http://www.likewise.com/products/likewise_open/) that enables Linux systems to join an AD domain. Since I doubt this is the solution RedHat is looking for, its back to the books for this one.
STEP 1: Ensure all packages are installed
For this to work properly, you need the kerberos and samba package both installed
yum install krb5-server pam_krb5 samba samba-common samba-winbind samba-client samba-winbind-clients

STEP 2: Configure the system to authenticate
Execute system-config-authentication and choose winbind for the account database
For security model, select ads
Under winbind domain, enter the short-name for the domain (i.e. without the .com)
Under ADS Realm, enter the FQDN of the domain
Under Domain Controllers, enter your preferred domain controller
Select a desired shell template
Click Join Domain and enter the credentials

STEP 3: Confirm
Log out of the system and attempt to log in using domainuser as the username

NOTE: This may be all wrong. I cant find any specific details on what redhat is looking for here (i.e. kerberos authentication via winbind)

One thought on “System Configuration and Management — Configure system to authenticate using Kerberos

  1. Can you comment about your experience with this area of the test? My assumption was the authconfig(8) command would be used here to setup kerberos authentication, but I see you are going for the AD stuff.

    Was it AD or regular kerberos/ldap?

Leave a Reply