Kerberos + LDAP with YaST


In the OpenSUSE documentation I read this very exciting chapter, “Chapter 6. Network Authentication with Kerberos”, that mentions “Using LDAP and Kerberos”, which combined with NFSv4 would give my office net the functionality of a M$ Win network.

We are still on 11.2 (we have no win clients at all) and I was testing different setups of 11.4 in a VM, but I can’t get YaST to configure the LDAP with Kerberos setup (our current setup does not use Kerberos, only LDAP). Unfortunately I could not find any meaningful HOWTO on how to do it in SuSE. The page in the docs involves editing config files, but I would like to avoid this because, from my former experience with Samba, it would mean I cannot use YaST anymore, and that is sad.

Back to my questions:

  1. Is there a way to configure LDAP + Kerberos (in terms of issuing of krb tickets at login) with YaST?

  2. If there is a way, could someone at least roughly explain how?

Thanks in advance.

PS: I basically need Kerberos for NFS and Intranet site.

This may help: Network Authentication with Kerberos

Good luck,

First I was amused you mention the same page as I did, then I thought you meant something else. Are you implying that if I make LDAP authenticate itself against the client, the ticket will be created? Could you please be more explicit…

I would really appreciate a direct answer to my first question, that is really important as I want to use autoyast.

Wow, I just realized what I did, sorry for giving you that link. :shame:

Here is some better information (I hope)
CITI: Projects: NFS Version 4 Open Source Reference Implementation
OpenSUSE 11.1 Reference - NFS with Kerberos
Kerberos Infrastructure HOWTO

You should be able to get a ticket at login by configuring PAM.
Your AD administrator will need to assist you with getting the keytab file.
I don’t use YAST very often, most of my configuration is done with the command line.
Sorry again for the dumb post earlier.

Good luck

That’s ok, no prob. Can I ask you one question: if YaST is not the primary reason you use Suse, what is it then?

Yast is a great tool, but in my environment there are quite a few servers, so logging in to each system to use Yast would be very time consuming. It’s easier to write a script that will make the desired changes and then broadcast it out to all the servers. Suse (SLES actually) was chosen because we were a Novell shop. We are now moving to AD and openSuse.