Pam krb5

From Q
Revision as of 16:13, 27 July 2011 by Tgurr (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search


After we connected our Linux machine via Samba to our Windows ADS we now want ADS users to log in to our Linux machine via single sign on using their ADS accounts and passwords. For this we need the pam module pam_krb5.


Samba - connected to ADS


Code: emerge pam_krb5 -pv
[ebuild  N    ] sys-auth/pam_krb5-3.10  USE="-doc" 153 kB


# emerge pam_krb5


File: /etc/pam.d/system-auth

auth       required
auth       sufficient try_first_pass likeauth nullok
auth       sufficient # allow users from windows active directory
auth       required

account    required
account    sufficient minimum_uid=1100 # allow users from windows active directory

password   required difok=2 minlen=8 dcredit=2 ocredit=2 try_first_pass retry=3
password   sufficient try_first_pass use_authtok nullok md5 shadow
password   required

session    required
session    required
session    optional minimum_uid=1100 # allow users from windows active directory
session    optional skel=/etc/skel umask=0022 silent # create new homedir for windows active directory users

Add User Permissions

# usermod -a -G wheel,plugdev,audio,cdrom,video,lp,kvm,qemu <user>