Kerberos Authentication Configuration Steps
- Former user (Deleted)
- Sean Hastert
Kerberos Configuration File Reminder
All examples below display configuration files that are appropriate for our example. Please be certain to configure as it pertains to your deployment.
- You should access your SoftNAS instance from both the Web and the CLI as you will need both for configuration.
1. Configure Kerberos Files
- From within SoftNAS, navigate to Settings >Identity and Access Control > Kerberos
- Enter the required information into the Default Configuration text boxes.
- Once done, click the Update Configuration button. This will update your /etc/krb5.conf file.
2. Obtain Ticket
Issue the following command to obtain a ticket and store it in a credential cache file:
kinit <principal/user>
kinit
By default, kinit attempts to authenticate using the same system login user name (not the Kerberos server). If that user name does not match a principal in the Kerberos database, kinit will issue an error message. Best practice is to supply kinit with the name of the correct principal/user as shown above and in the example on the right.
- Enter the password for your principal/user.
3. Verify Credentials are in Cache
To view and verify that credentials are in the cache, issue the following command:
klist
4. Destroy the Cache
If you wish to destroy the cache and the credentials in it, issue the following command:
kdestroy
Understand Authentication Failure
If you happen to run into a failure when issuing the kinit command, try issuing the command as follows to get a verbose view of what is happening. This can be very useful in identifying problems.
KRB5_TRACE=/dev/stdout kinit <principle/user>
