In the OpenSUSE documentation I red this very exciting chapter Chapter 6. Network Authentication with Kerberos That mentions “Using LDAP and Kerberos” which combined with NFSv4 would give my office net functionality of a M$ Win network.
We are still on 11.2 (we have no win clients at all) and I was testing different setups of 11.4 in VM, but I can’t get YaST to configure the LDAP with Kerberos setup (our current setup does not use Kerberos only LDAP). Unfortunately I could not find any meaningful HOWTO on how to do it in SuSE. The page in docs involves editing config files, but I would like to avoid this, because from my former experience with Samba, as it would mean I cannot use yast anymore and that is sad.
Back to my questions:
Is there a way to configure LDAP + Kerberos (in terms of issuing of krb tickets at login) with YaST?
If there is a way, could someone at least roughly explain how?
Tanks in advance.
PS: I basically need Kerberos for NFS and Intranet site.
First I was amused you mention the same page as I did, then I thought you mean smth else. Are you implying that if I make LDAP authenticate itself against the client, the ticket will be created? Could you please be more explicit…
I would really appreciate a direct answer to my first question, that is really important as I want to use autoyast.
You should be able to get a ticket at login by configuring PAM.
You AD administrator will need to assist you with getting the keytab file.
I don’t use YAST very often, most of my configuration is done with the command line.
Sorry again for the dumb post earlier.
Yast is a great tool but in my environment there a quite a few servers so logging in to each system to use Yast would be very time consuming. It’s easier to write a script that will make the desired changes and then broadcast it out to all the servers. Suse (SLES actually) was chosen because we were a Novell shop. We are now moving to AD and openSuse.