ubuntu下安装kerberos

命令:

sudo apt-get install krb5-user

查看kinit 是否安装:

which kinit

配置文件:

krb5.conf放到/etc目录下

[logging]
	default = FILE:/var/log/krb5libs.log
	kdc = FILE:/var/log/krb5kdc.log
	admin_server = FILE:/var/log/kadmind.log

[libdefaults]
	default_realm = XIAONEI.OPI.COM
	dns_lookup_realm = false
	dns_lookup_kdc = false
	ticket_lifetime = 96h
	forwardable = yes

[realms]
	XIAONEI.OPI.COM = {
		kdc = kerberos.opi.com:88
		kdc = kerberos2.opi.com:88
		admin_server = kerberos.opi.com:749
		default_domain = opi.com
	}

[domain_realm]
	.opi.com = XIAONEI.OPI.COM
	opi.com = XIAONEI.OPI.COM

[appdefaults]
	pam = {
		debug = false
		ticket_lifetime = 36000
		renew_lifetime = 36000
		forwardable = true
		krb4_convert = false
	}

确认启用了GSSAPIAuthentication认证

  /etc/ssh/ssh_conf 中的 GSSAPIAuthentication  yes

  如果需要票据漫游 把  GSSAPIDelegateCredentials 也设为 yes

登陆服务器

 ssh [email protected]