I have followed the steps below to set up the Kerberos server for CentOS.
- Inserted valid fqdn in /etc/hosts file.
- Changed realm name in /var/kerberos/krb5kdc/kdc.conf
- Changed realm name in /var/kerberos/krb5kdc/kadm5.acl
- Configured /etc/krb5.conf
- Created KDC using command kdb5_util create -s -r TEST.COM
- systemctl enable krb5kdc
- systemctl enable kadmin
- systemctl start krb5kdc
- systemctl start kadmin
- Configure firewalld to accept Kerberos related traffic
- Register trusted entities to the Kerberos Database
- Configured /etc/ssh/sshd_config

I am able to generate a TGT with the kinit command, but when I try to ssh to the server, it prompts for a password.
/etc/krb5.conf

```
includedir /etc/krb5.conf.d/

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
dns_lookup_realm = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
default_realm = TEST.COM
default_ccache_name = KEYRING:persistent:%{uid}

[realms]
TEST.COM = {
    kdc = vm.test.com
    admin_server = vm.test.com
}

[domain_realm]
.test.com = TEST.COM
test.com = TEST.COM
```
sshd_config
or in your client-side SSH config. Try again in "very verbose mode" to check whether, and how, the Kerberos auth happens. – Samson Scharfrichter
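
A sketch of the checks behind the comment above, as an added example that is not part of the original question or comment. It assumes the relevant keyword is OpenSSH's `GSSAPIAuthentication` and that sshd needs a `host/<fqdn>@<realm>` key in its keytab; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: two common reasons sshd asks for a password despite a valid TGT.

# Print the GSSAPIAuthentication value found in an OpenSSH config file.
# OpenSSH keeps the first value it obtains for a keyword; keywords are
# case-insensitive and may be written "Keyword value" or "Keyword=value".
# Simplification (assumption): Host/Match conditions and Include files are
# not evaluated, the first uncommented occurrence anywhere in the file wins.
gssapi_setting() {
    awk '
        { sub(/=/, " ") }                  # normalise Keyword=value
        $1 ~ /^#/ { next }                 # skip commented-out lines
        tolower($1) == "gssapiauthentication" {
            print tolower($2); found = 1; exit
        }
        END { if (!found) print "no" }     # upstream OpenSSH default is "no"
    ' "$1"
}

# Succeed if the keytab listing on stdin (output of `klist -k`) contains
# host/<fqdn>@<realm>. Arguments: $1 = server FQDN, $2 = realm.
has_host_principal() {
    grep -Fq "host/$1@$2"
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed sample: server config with the keyword commented out.
    printf '%s\n' '#GSSAPIAuthentication yes' 'PasswordAuthentication yes' \
        > "$dir/sshd_config"
    # Constructed sample: client config that enables it.
    printf '%s\n' 'Host *' '    GSSAPIAuthentication=yes' > "$dir/ssh_config"
    # Constructed sample of a keytab listing, using the page's host and realm.
    printf '%s\n' 'KVNO Principal' '   2 host/vm.test.com@TEST.COM' \
        > "$dir/keytab.txt"
    echo "server GSSAPIAuthentication: $(gssapi_setting "$dir/sshd_config")"
    echo "client GSSAPIAuthentication: $(gssapi_setting "$dir/ssh_config")"
    if has_host_principal vm.test.com TEST.COM < "$dir/keytab.txt"; then
        echo "keytab: host principal present"
    else
        echo "keytab: host principal missing"
    fi
    rm -rf "$dir"
}
demo
```

On a real host, point `gssapi_setting` at /etc/ssh/sshd_config and the client's SSH config, and pipe `klist -k /etc/krb5.keytab` (run as root) into `has_host_principal`.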