1
votes

I have followed the below steps to set up the Kerberos server for CentOS.

  1. Inserted valid fqdn in /etc/hosts file.
  2. Changed realm name in /var/kerberos/krb5kdc/kdc.conf
  3. Changed realm name in /var/kerberos/krb5kdc/kadm5.acl
  4. Configured /etc/krb5.conf
  5. Created KDC using command kdb5_util create -s -r TEST.COM
  6. systemctl enable krb5kdc
  7. systemctl enable kadmin
  8. systemctl start krb5kdc
  9. systemctl start kadmin
  10. Configured firewalld to accept Kerberos related traffic
  11. Registered trusted entities to the Kerberos Database
  12. Configured /etc/ssh/sshd_config

I am able to generate a TGT with the kinit command. But when I try to ssh to the server, it is prompting for a password.

/etc/krb5.conf

includedir /etc/krb5.conf.d/

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 dns_lookup_realm = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true
 rdns = false
 default_realm = TEST.COM
 default_ccache_name = KEYRING:persistent:%{uid}

[realms]
 TEST.COM = {
  kdc = vm.test.com
  admin_server = vm.test.com
 }

[domain_realm]
 .test.com = TEST.COM
 test.com = TEST.COM
1
Sounds like an issue in sshd_config or in your client-side SSH config. Try again in "very verbose mode" to check whether, and how, the Kerberos auth happens. - Samson Scharfrichter

1 Answer

0
votes

Solved it. I was giving the hostname in krb5.conf and not the FQDN of the servers. :D
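
A check for the mistake described in the answer, as an added example that is not part of the original post: it parses the [realms] section of a krb5.conf and reports KDC or admin server entries written as a bare hostname instead of an FQDN. The sample input is constructed; the short name "vm" and the port on admin_server are assumptions used for illustration.

```python
import re

# Constructed input: a [realms] block like the question's, with the short
# hostname "vm" assumed as the value the answer says was used by mistake.
BROKEN = """\
[libdefaults]
 default_realm = TEST.COM

[realms]
 TEST.COM = {
  kdc = vm
  admin_server = vm.test.com:749
 }
"""
FIXED = BROKEN.replace("kdc = vm\n", "kdc = vm.test.com\n")
HOST_KEYS = {"kdc", "admin_server", "master_kdc", "kpasswd_server"}


def realm_hosts(text):
    """Yield (realm, key, value) for each host relation inside [realms]."""
    section = realm = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment line
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, realm = header.group(1), None
        elif section != "realms":
            continue
        elif line.endswith("{"):             # "TEST.COM = {" opens a realm
            realm = line.split("=", 1)[0].strip()
        elif line == "}":
            realm = None
        elif realm and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key in HOST_KEYS:
                yield realm, key, value


def short_hostnames(text):
    """Return the host relations whose name has no domain part (not an FQDN)."""
    found = []
    for realm, key, value in realm_hosts(text):
        host = value.split(":", 1)[0] if value.count(":") == 1 else value
        if "." not in host.strip("."):       # a bare name such as "vm"
            found.append((realm, key, value))
    return found
```

Calling short_hostnames() on the contents of /etc/krb5.conf returns an empty list when every listed server is fully qualified.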