Ce contenu n'est pas disponible dans la langue sélectionnée.

4.3. Configuring Kerberos (with LDAP or NIS) Using authconfig


Both LDAP and NIS authentication stores support Kerberos authentication methods. Using Kerberos has a couple of benefits:
  • It uses a security layer for communication while still allowing connections over standard ports.
  • It automatically uses credentials caching with SSSD, which allows offline logins.

Note

Using Kerberos authentication requires the krb5-libs and krb5-workstation packages.

4.3.1. Configuring Kerberos Authentication from the UI

The Kerberos password option from the Authentication Method drop-down menu automatically opens the fields required to connect to the Kerberos realm.
Kerberos Fields

Figure 4.2. Kerberos Fields

  • Realm gives the name for the realm for the Kerberos server. The realm is the network that uses Kerberos, composed of one or more key distribution centers (KDC) and a potentially large number of clients.
  • KDCs gives a comma-separated list of servers that issue Kerberos tickets.
  • Admin Servers gives a list of administration servers running the kadmind process in the realm.
  • Optionally, use DNS to resolve server host name and to find additional KDCs within the realm.

4.3.2. Configuring Kerberos Authentication from the Command Line

Both LDAP and NIS allow Kerberos authentication to be used in place of their native authentication mechanisms. At a minimum, using Kerberos authentication requires specifying the realm, the KDC, and the administrative server. There are also options to use DNS to resolve client names and to find additional admin servers.
[root@server ~]# authconfig NIS or LDAP options --enablekrb5 --krb5realm EXAMPLE --krb5kdc kdc.example.com:88,server.example.com:88 --krb5adminserver server.example.com:749 --enablekrb5kdcdns --enablekrb5realmdns --update
Red Hat logoGithubRedditYoutubeTwitter

Apprendre

Essayez, achetez et vendez

Communautés

À propos de la documentation Red Hat

Nous aidons les utilisateurs de Red Hat à innover et à atteindre leurs objectifs grâce à nos produits et services avec un contenu auquel ils peuvent faire confiance.

Rendre l’open source plus inclusif

Red Hat s'engage à remplacer le langage problématique dans notre code, notre documentation et nos propriétés Web. Pour plus de détails, consultez leBlog Red Hat.

À propos de Red Hat

Nous proposons des solutions renforcées qui facilitent le travail des entreprises sur plusieurs plates-formes et environnements, du centre de données central à la périphérie du réseau.

© 2024 Red Hat, Inc.