| Service principle: | host/<fqdn>@<realm> |
| Keytab file: | /etc/krb5.keytab |
| Tested version: | 5.1p1 |
| Required version: |
Add the following lines to your sshd config file (/etc/ssh/sshd_config):
GSSAPIAuthentication yes
KerberosAuthentication yes
KerberosTicketCleanup yes
This should allow login with Kerberos tickets, login with Kerberos passwords, pass your Kerberos ticket to the SSH server and destroy the ticket on the SSH server when you logout. Remember to restart sshd after editing the config file and to configure your ssh client for Kerberos support.
| Service principle: | http/<fqdn>@<realm> |
| Keytab file: | Specified in config file |
| Tested version: | 2.2.9 |
| Required version: |
Firstly this requires you to have mod_auth_kerb installed and loaded. Then you need to make the following changes to your config file:
AuthType Kerberos
AuthName "
KrbAuthRealm
Krb5Keytab
AuthGroupFile
require group
Again, you will need to restart Apache after editing the config file and configure your browser to support Kerberos. You should now be able to do passwordless logins with a Kerberos ticket or get promted for a Kerberos password if you don't have a ticket.
There are several ways to access a Subversion repository. Personally I prefer https as it gives a nice web interface to the current revision, still works fully with the svn client and allowed easy intergration with Kerberos. Access for HTTP is exactly the same as for setting up Apache.
| Service principle: | http/<fqdn>@<realm> |
| Keytab file: | Specified in config file |
| Tested version: | Apache 2.2.9 |
| Required version: |
See the Apache section for the configuration details.
| Service principle: | svn/<fqdn>@<realm> |
| Keytab file: | /etc/krb5.keytab |
| Tested version: | |
| Required version: | >1.5 |