Posted 13 February 2004 - 10:09 AM


I have been assigned the arduous task of installing Kerberos on our closed network to authenticate about 500 machines. Let me give you a little background first...

I am NOT a Linux guru, but am learning very quickly how things work. I have been studying this Kerberos stuff for a while now, and hope that my knowledge is foundation enough to ask the appropriate questions. Here is what we would like to do:

Simply put, this installation is not intended for an extremely secure environment. It is only meant to require authentication, much like the basic Windows authentication. When an employee leaves our group, we are required to change the passwords on our machines. I would like to have it so that instead of changing the password on each machine, we will be able to change one password on the KDC and be finished with it. We would like to have just one account, Administrator, that shares a password across the board for all machines. There are no additional users, no additional passwords. Just one user name (excluding root), one password, 400 machines.

I have installed the KDC and am not sure if it is working properly. Using the Kerberos GUI mini-program located in extras, I am able to authenticate the KDC with itself by using the user name

hostname/[email protected]

and its password.

I would like to know how to configure the machine so that when the RedHat GUI login console comes up, I type Administrator as the user name, and the password -- and Kerberos successfully authenticates this machine. Again, much like a basic Windows environment, or much like how RedHat does it without Kerberos installed. The ONLY difference is that when we have to change a password, we do it once through the KDC instead of 400 times for each machine. Please tell me what principal needs to be added to achieve this functionality, and what steps I should take to get it working like I want.

We have already looked into other alternatives, and have a definite settlement for Kerberos. Please be as specific as possible, and try not to be so vague, as help in the past has been fruitlessly halted because of the technical jargon and assumptions.
James Walthall
