Kerberos Infrastructure HOWTO

V. Alex Brennen

2004-05-29

Revision History
Revision 2.0.02004-05-28Revised by: VAB
Conversion to DocBook XML. General Content Updates, including incorporation of Technical and Metadata/Markup Reviews.
Revision 1.0.32003-04-01Revised by: VAB
Minor Updates, Minor Corrections, Additional links added.
Revision 1.0.22002-09-13Revised by: VAB
Minor Updates, Minor Corrections, Added 8.6, Additional links added.
Revision 1.0.12002-07-15Revised by: VAB
Minor Updates, Fixes.
Revision 1.0.02002-06-13Revised by: VAB
Initial Release.

This document describes the design and configuration of a Kerberos infrastructure for handling authentication with GNU/Linux. It details steps for a best practices method of setting up servers, Kerberos software, conversion of legacy systems, and answers frequently asked questions.


Table of Contents
1. About this Document
1.1. General Information
1.2. Translations
1.3. Credits and Contributors
1.4. Feedback
2. An Overview of a Kerberos Infrastructure
2.1. An Introduction to Kerberos
2.2. The Benefits of Kerberos
2.3. How Kerberos Works
2.4. Compromise of Kerberos Infrastructure
3. Installing and Configuration
3.1. General Machine Configuration Overview
3.2. Hardware
3.3. GNU/Linux Installation
3.4. Choosing A Realm
3.5. Kerberos Software Configuration
3.6. Principal Creation
4. Time Synchronization
4.1. The Importance of Time Synchronization
4.2. Introduction to NTP
4.3. NTP Installation and Configuration
5. Kerberos Server Replication
5.1. Description of Replication
5.2. Implementation
5.3. Maintenance
6. Client Configuration
6.1. General GNU/Linux Client Configuration
6.2. PAM
6.3. Apache Web Server
6.4. Microsoft Windows
7. Programming With Kerberos
7.1. The Kerberos API
A. Relevant Sources for More Information
A.1. Links to related documents
A.2. Related web sites
A.3. Related RFCs
A.4. Other references
A.5. Additional resources
A.6. Companies which provide specialist Kerberos consulting
Glossary of Terms