First, note that none of this is necessary on TIG's supported flavor of Linux,
CSAIL Debian, which comes with Kerberos and OpenAFS already configured and integrated with the system.
Installation on Debian or similar systems (Ubuntu, etc.)
- Run apt-get install krb5-user krb5-config. If prompted for a default realm, enter CSAIL.MIT.EDU, making sure to capitalize it as shown.
- Run kinit <username>@CSAIL.MIT.EDU to authenticate. The authentication tickets obtained here will expire after 10 hours, at which point you'll no longer be authenticated. You may wish to investigate a tool like kredentials, which will keep your authentication active longer.
- Add the following to ~/.ssh/config so ssh will properly use your Kerberos tickets when logging in to CSAIL machines (create the file if it doesn't already exist):
    Host *.csail.mit.edu
        GSSAPIAuthentication yes
        GSSAPIDelegateCredentials yes
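GSSAPIDelegateCredentials forwards your Kerberos credentials to the server you log in to, so it should stay scoped to the CSAIL Host pattern and not end up under a broader block such as Host *. The shell function below is an added example, not part of the original page, that checks an ssh client config (~/.ssh/config or /etc/ssh/ssh_config) for that; the function name, its default suffix argument, and the sample config are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit an ssh client config for
# GSSAPIDelegateCredentials enabled outside an allowed domain suffix.
# Function name and default suffix argument are assumptions of this example.
audit_gssapi_delegation() {
    config=$1
    suffix=${2:-.csail.mit.edu}      # lowercase suffix every Host pattern must end with
    awk -v suffix="$suffix" '
        # Options that appear before any Host line apply to every host.
        BEGIN { npat = 1; pats[1] = "*"; bad = 0 }
        /^[ \t]*(#|$)/ { next }                     # skip comments and blank lines
        { gsub(/=/, " "); key = tolower($1) }       # accept "Keyword=value" too
        key == "host" {                             # new block: remember its patterns
            npat = 0
            for (i = 2; i <= NF; i++) pats[++npat] = $i
            next
        }
        key == "match" {                            # Match criteria are not evaluated;
            npat = 1; pats[1] = "(Match block)"     # treat the block as out of scope
            next
        }
        key == "gssapidelegatecredentials" && tolower($2) == "yes" {
            for (i = 1; i <= npat; i++) {
                p = tolower(pats[i])
                if (substr(p, 1, 1) == "!") continue   # negations only exclude hosts
                start = length(p) - length(suffix) + 1
                if (start < 1 || substr(p, start) != suffix) {
                    printf "line %d: delegation enabled for Host pattern %s\n", NR, pats[i]
                    bad = 1
                }
            }
        }
        END { exit bad }
    ' "$config"
}

# Constructed sample config: the first block matches the page, the second is too broad.
demo=$(mktemp)
cat > "$demo" <<'EOF'
Host *.csail.mit.edu
    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials yes

Host *
    GSSAPIDelegateCredentials yes
EOF
audit_gssapi_delegation "$demo" || echo "delegation is wider than intended"
rm -f "$demo"
```

The function exits non-zero when any finding is printed, so it can gate a dotfiles check or a configuration-management run.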
Installation for Red Hat, Fedora, etc.
Please contribute content for this section!
One user's experience with installing Kerberos client functionality on Fedora Core 9:
I started by installing the following Kerberos packages via yum:
    krb5-devel-1.6.3-16.fc9.i386
    krb5-workstation-1.6.3-16.fc9.i386
    pam_krb5-2.3.5-1.fc9.i386
    krb5-auth-dialog-0.7-7.fc9.i386
    krb5-libs-1.6.3-16.fc9.i386
Probably krb5-devel is not necessary.
Then I edited /etc/krb5.conf, changing
    EXAMPLE.COM -> CSAIL.MIT.EDU
    example.com -> csail.mit.edu
and this is what the [realms] section should look like:
    [realms]
        CSAIL.MIT.EDU = {
            kdc = kerberos-1.csail.mit.edu
            kdc = kerberos-2.csail.mit.edu
            admin_server = kerberos-1.csail.mit.edu
            default_domain = csail.mit.edu
        }
I put the changes recommended for ~/.ssh/config into /etc/ssh/ssh_config. Either place should be fine.