Ubuntu 20.04 LTS configuring Kerberos client with PAM

Created in September 20, 2024

2024   ·   Ubuntu   20.04,   Kerberos,   PAM,   UNC   ·   linux

It’s hard to find an article showing how to configure a Kerberos client with PAM on Ubuntu 20.04 or higher. Here is the step-by-step tutorial

0. Update apt

sudo apt-get update
sudo apt-get upgrade

1. Install packages and configure Kerberos source

sudo apt-get install krb5-user libpam-krb5
sudo vim /etc/krb5.conf

Here is an example configuration using UNC AD server:

[libdefaults]
# campus AD is now the authentication source
default_realm = AD.UNC.EDU
# for MIT Kerberos
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
# for Heimdal Kerberos
fcc-mit-ticketflags = true

[realms]
AD.UNC.EDU = {
    kdc = addc0.ad.unc.edu
    kdc = addc1.ad.unc.edu
    kdc = addc2.ad.unc.edu
    kdc = addc3.ad.unc.edu
    kdc = addc4.ad.unc.edu
}

2. Enable authentication via PAM

sudo pam-auth-update

Make sure you selected Kerberos authentication and do not select Unix, which has a higher priority.

Screenshot: PAM configuration.

3. Verify the connection between Kerberos server

kinit OnyenName

4. Add users and verify the authentication

sudo adduser --home /path/to/home OnyenName
sudo login


Enjoy Reading This Article?

Here are some more articles you might like to read next:

  • Extracting RoI BOLD signal of fMRI dataset by using CONN toolbox
  • Visualize your NN to see which channels are important