If you have a Microsoft AD controller and you'd like to authenticate
your Linux systems to it, here's a simple way:

These instructions are taken from a RedHat box so some things might be
different for other distros:

Edit /etc/krb5.conf and change all the domain/realm info to your
company's values.  Make sure these are in capital letters because the
connection will fail for some stupid Microsoft reason if not.  The
"kdc" line is your AD controller.

Next, edit /etc/pam.d/system-auth to include this line after the auth
line with pam_env.so:
auth sufficient /lib/security/pam_krb5.so

And change the auth line for pam_unix.so to this:
auth sufficient /lib/security/pam_unix.so likeauth nullok use_first_pass

You need to make sure the Linux box and the AD controller have
approximately the same time or else the Kerberos authentication will
fail.  Use ntp or rdate or whatever to keep them in sync.

Now all that you need on the Linux box is the account name.  The
password you supply will be the password stored in AD.
~M

-- 
Get Firefox!
http://getfirefox.com/
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change  you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss