This simple mini how-to goes over the configuration of a linux system so it can use a Kerberos Realm server for authentication.

  1. Make sure you have the pam_krb5 rpm files installed. You can check this by running the rpm -qa | grep pam command and seeing whether the pam_krb5 rpm files are listed. If they aren’t, you can typically download them in an update of the Linux or Unix operating system that you are running.
  2. Add the line to the “/etc/pam.d/system-auth” part of the auth section of Kerberos. Add it after the “pam_unix.so” line:

    auth sufficient /lib/security/pam_krb5.so use_first_pass forwardable
    
  3. Add the line to the “/etc/pam.d/system-auth” part of the password section of Kerberos. Add it after the “pam_unix.so” line:

    password sufficient /lib/security/pam_krb5.so use_authtok
    
  4. Add the line to the “/etc/pam.d/system-auth” part of the session section of Kerberos. Add it after the “pam_unix.so” line:

    session optional /lib/security/pam_krb5.so