Login via Kerberos credentials on Debian

Login via Kerberos credentials on Debian
	Part V. Configuring Linux subsystems

Jurjen Bokma

January 2009

Install the PAM Kerberos module:

apt-get install libpam-krb5

Configure it in /etc/krb5.conf:

[appdefaults]
  forwardable = true
  pam = {
    minimum_uid = 1000
    EXAMPLE.COM = {
      ignore_k5login = true
      }
    }

Configure PAM via /etc/pam.d/common-auth:

auth    sufficient  pam_krb5.so minimum_uid=1000 use_first_pass try_pkinit
auth    required        pam_unix.so nullok_secure

, /etc/pam.d/common-session:

session required        pam_krb5.so minimum_uid=1000
session required        pam_unix.so

/etc/pam.d/common-account:

account required        pam_krb5.so minimum_uid=1000
account required        pam_unix.so

/etc/pam.d/common-password:

password   sufficient pam_krb5.so minimum_uid=1000 use_first_pass try_pkinit
password   required   pam_unix.so nullok obscure min=4 max=8 md5 use_first_pass

Try to su:
su - tuya Password: tuya@host:~$

And try to change the password:
passwd Current Kerberos password: Enter new Kerberos password: Retype new Kerberos password: passwd: password updated successfully


Getting soundly to work on Ubuntu (KDE version)		$GENERATE records in BIND9 config