Kerberos: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Thomas (Diskussion | Beiträge) |
Thomas (Diskussion | Beiträge) |
||
| Zeile 21: | Zeile 21: | ||
GSSAPITrustDNS yes | GSSAPITrustDNS yes | ||
</pre> | </pre> | ||
| + | |||
| + | |||
| + | ==required in smb.conf== | ||
| + | kerberos method = secrets and keytab | ||
| + | |||
| + | ==create /etc/security/pam_winbind.conf == | ||
| + | krb5_auth = yes | ||
| + | krb5_ccache_type = FILE | ||
| + | |||
| + | |||
*http://trabauer.com/?p=383 | *http://trabauer.com/?p=383 | ||
Version vom 8. September 2014, 18:14 Uhr
important
client and servers should have the correct time and should resolv A and PTR record on dns
ssh-server
modification /etc/ssh/sshd_config
# GSSAPI options GSSAPIAuthentication yes GSSAPICleanupCredentials yes GSSAPIKeyExchange yes GSSAPIStoreCredentialsOnRekey yes
generate a keytab-file
net ads keytab create -U administrator
ssh-client
modification /etc/ssh/ssh_config
GSSAPIAuthentication yes GSSAPIDelegateCredentials yes GSSAPIKeyExchange yes GSSAPIRenewalForcesRekey yes GSSAPITrustDNS yes
required in smb.conf
kerberos method = secrets and keytab
create /etc/security/pam_winbind.conf
krb5_auth = yes krb5_ccache_type = FILE