Free Hosting Online for WorkStations

< Previous | Contents | Next >

5.3. Kerberos Configuration


The installation of krb5-user will prompt for the realm name (in ALL UPPERCASE), the kdc server (i.e. domain controller) and admin server (also the domain controller in this example.) This will write the [realm] and [domain_realm] sections in /etc/krb5.conf. These sections may not be necessary if domain autodiscovery is working. If not, then both are needed.


If the domain is myubuntu.example.com, enter the realm as MYUBUNTU.EXAMPLE.COM


Optionally, edit /etc/krb5.conf with a few additional settings to specify Kerberos ticket lifetime (these values are safe to use as defaults):


[libdefaults]


default_realm = MYUBUNTU.EXAMPLE.COM ticket_lifetime = 24h # renew_lifetime = 7d


If default_realm is not specified, it may be necessary to log in with “username@domain” instead of “username”.


The system time on the Active Directory member needs to be consistent with that of the domain controller, or Kerberos authentication may fail. Ideally, the domain controller server itself will provide the NTP service. Edit /etc/chrony/chrony.conf:


server dc.myubuntu.example.com


Top OS Cloud Computing at OnWorks: