added Groups and users:
groupadd -g 3555 exfel, 5478 exfl_jet
adduser --home /home/username --uid xxx --gid 3555 username
added all or some of them to the group 5478 exfl_jet "adduser username exfl_jet"
Install:
apt-get install krb5-user libpam-krb5
change the "/etc/krb5.conf"
put in:
[libdefaults]
default_realm = DESY.DE
clockskew = 300
v4_instance_resolve = true
default_etypes = des-cbc-crc
default_etypes_des = des-cbc-crc
krb4_get_tickets = true
v4_name_convert = {
host = {
rcmd = host
ftp = ftp
pop = pop
ldap = ldap
imap = imap
ldapserver = ldapserver
}
}
[realms]
DESY.DE = {
kdc = netra32.desy.de
kdc = netra33.desy.de
kdc = netra34.desy.de
admin_server = netra32.desy.de
default_domain = desy.de
}
WIN.DESY.DE = {
krb4_get_tickets = false
kdc = adc11.win.desy.de
kdc = adc12.win.desy.de
kdc = adc13.win.desy.de
kdc = adc14.win.desy.de
kdc = adc15.win.desy.de
admin_server = adc11.win.desy.de
default_domain = WIN.DESY.DE
v4_instance_convert = {
desy = desy.de
win.desy = win.desy.de
}
}
NAF.DESY.DE = {
kdc = tcdc1.naf.desy.de
kdc = tcdc2.naf.desy.de
kdc = tcdc3.naf.desy.de
default_domain = naf.desy.de
}
IFH.DE = {
kdc = kdc1.ifh.de
kdc = kdc2.ifh.de
kdc = kdc3.ifh.de
admin_server = kdc1.ifh.de
default_domain = ifh.de
}
[domain_realm]
.desy.de = DESY.DE
.win.desy.de = WIN.DESY.DE
.naf.desy.de = NAF.DESY.DE
.ifh.de = IFH.DE
[appdefaults]
sshd = {
ticket_lifetime = 86400
renew_lifetime = 172800
forwardable = true
krb4_convert = true
afs_cells = desy.de
validate = false
proxiable = false
retain_after_close = false
minimum_uid = 0
}
pam = {
ticket_lifetime = 86400
renew_lifetime = 172800
forwardable = true
krb4_convert = true
afs_cells = desy.de
validate = false
proxiable = false
retain_after_close = false
minimum_uid = 0
}
kinit = {
ticket_lifetime = 86400
renew_lifetime = 172800
forwardable = true
krb4_convert = true
afs_cells = desy.de
validate = false
proxiable = false
}
|