Kerberos Authentication Configuration Steps

Kerberos Configuration File Reminder

All examples below show configuration files that are appropriate for our example.  Be sure to adjust the configuration to match your own deployment.

  • You should access your SoftNAS instance from both the Web and the CLI as you will need both for configuration.

1. Configure Kerberos Files

  • From within SoftNAS, navigate to Settings > Identity and Access Control > Kerberos

  • Enter the required information into the Default Configuration text boxes.

  • Once done, click the Update Configuration button.  This will update your /etc/krb5.conf file.

2. Obtain Ticket

  • Issue the following command to obtain a ticket and store it in a credential cache file:

    kinit <principal/user>

kinit

By default, kinit attempts to authenticate using your local system login user name (not a user name from the Kerberos server).  If that user name does not match a principal in the Kerberos database, kinit will issue an error message.  Best practice is to supply kinit with the name of the correct principal/user as shown above and in the example on the right.

  • Enter the password for your principal/user.

3. Verify Credentials are in Cache

  • To view and verify that credentials are in the cache, issue the following command:

    klist

4. Destroy the Cache

  • If you wish to destroy the cache and the credentials in it, issue the following command:

    kdestroy

Understand Authentication Failure

If you happen to run into a failure when issuing the kinit command, try issuing the command as follows to get a verbose view of what is happening.  This can be very useful in identifying problems.

    KRB5_TRACE=/dev/stdout kinit <principal/user>
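
The trace is long, so a first-pass triage helps. The script below is an added example, not part of the SoftNAS documentation: it classifies saved trace text by the MIT Kerberos error string it contains and reports which principal kinit actually tried. The function names, the sample trace, and the EXAMPLE.COM realm are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage the text produced by
#   KRB5_TRACE=/dev/stdout kinit <principal/user>

# Constructed sample trace (not from a real system). kinit was run without
# a principal, so it fell back to the local login name "root".
SAMPLE_TRACE='[2211] 1700000000.100001: Getting initial credentials for root@EXAMPLE.COM
[2211] 1700000000.100002: Sending unauthenticated request
[2211] 1700000000.100003: Sending request (180 bytes) to EXAMPLE.COM
[2211] 1700000000.100004: Received error from KDC: -1765328378/Client not found in Kerberos database'

# Read trace text on stdin and print a one-line diagnosis.
# "Additional pre-authentication required" is deliberately not matched:
# it is a normal step of a password login, not a failure.
triage_krb5_trace() {
    trace=$(cat)
    case $trace in
        *"Client not found in Kerberos database"*)
            echo "unknown-principal: pass the correct principal to kinit" ;;
        *"Preauthentication failed"*)
            echo "bad-credentials: wrong password or key for the principal" ;;
        *"Clock skew too great"*)
            echo "clock-skew: synchronize this host's time with the KDC" ;;
        *"Cannot contact any KDC"*|*"Cannot find KDC for realm"*)
            echo "kdc-unreachable: check realm and KDC entries in /etc/krb5.conf" ;;
        *)
            echo "no-known-error: read the full trace" ;;
    esac
}

# Print the principal the trace shows kinit authenticating as.
trace_principal() {
    sed -n 's/.*Getting initial credentials for \(.*\)$/\1/p' | head -n 1
}

printf '%s\n' "$SAMPLE_TRACE" | triage_krb5_trace
printf '%s\n' "$SAMPLE_TRACE" | trace_principal
```

To use it on a real failure, write the trace to a file instead of /dev/stdout and pipe that file into each function.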
