Post tagged: authentication

Kerberos Client

This simple mini how-to goes over the configuration of a Linux system so it can use a Kerberos Realm server for authentication. Make sure you have the pam_krb5 rpm files installed. You can check this by running the rpm -qa | grep pam command and seeing whether the pam_krb5 rpm files are listed. If they aren't, you can typically download them in an update of the Linux or Unix operating system that you are running. ...

Chrome Kerberos Authentication

To configure Chrome to use Kerberos authentication, you need to start the application with the following parameters:

auth-server-whitelist - Allowed FQDN - Set the FQDN of the IdP Server. Example: chrome --auth-server-whitelist="*aai-logon.domain-a.com"

auth-negotiate-delegate-whitelist - For which FQDN credential delegation will be allowed. ...

Native Kerberos Authentication with SSH

This article is about integrating OpenSSH in a Kerberos environment. Although OpenSSH can provide passwordless logins (through Public/Private keys), it is not a true SSO set-up. This article makes use of Kerberos TGT service to implement a true SSO configuration for OpenSSH.

Pre-requisites

First off, you'll need to make sure that the OpenSSH server's Kerberos configuration (in /etc/krb5.conf) is correct and works, and that the server's keytab (typically /etc/krb5.keytab) contains an entry for host/fqdn@REALM (case-sensitive). I won't go into details on how this is done again; instead, I'll refer you to any one of the recent Kerberos-related articles (like this one, this one, or even this one). Just be sure that you can issue a kinit -k host/fqdn@REALM and get back a Kerberos ticket without having to specify a password. (This tells you that the keytab is working as expected.) ...