For several years I have used Kerberos and PAM to provide authentication for most users. However, pam_krb5.so does not appear to be in CentOS 8. Is there a way to add Kerberos authentication? I do not mean using using Active Directory and/or LDAP. Just plain vanilla Kerberos
I searched out sssd which claims to supports Kerberos but I could not find any documentation on how to enable it.
sssd and Kerberos
Re: sssd and Kerberos
SSSD includes packages sssd-krb5 and sssd-krb5-common.
For the settings in sssd.conf, see man sssd-krb5
It takes about these for sssd to talk to kerberos:
For the settings in sssd.conf, see man sssd-krb5
It takes about these for sssd to talk to kerberos:
Code: Select all
[domain/awesome]
auth_provider = krb5
chpass_provider = krb5
krb5_kpasswd = ...
krb5_server = ...
krb5_realm = ...
-
- Posts: 135
- Joined: 2014/06/17 21:50:37
Re: sssd and Kerberos
Thank you. Dunno how I overlooked it but I now have a place to start.
-
- Posts: 135
- Joined: 2014/06/17 21:50:37
Re: sssd and Kerberos
I was able to get sssd to work with kerberos by putting the following in /etc/sssd/sssd.conf:
This worked for sudo but I still need to do some more testing for ssh.
Code: Select all
[sssd]
config_file_version = 2
domains = LOCAL
services = nss, pam
[domain/LOCAL]
id_provider = files
auth_provider = krb5
krb5_server = kdc01.lereta.net
krb5_realm = TOTALFLOOD.COM
cache_credentials = true
enumerate = false
[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3
[pam]
reconnection_retries = 3
offline_credentials_expiration = 2
offline_failed_login_attempts = 3
offline_failed_login_delay = 5