On Thu, Oct 20, 2011 at 01:07:45PM -0600, peter.stauff...@boehringer-ingelheim.com wrote: > Hi, > > How can I get Kerberos tickets at login? > > When I login to my workstation, the account is authenticated against AD. >
Peter, How is the account authenicated against AD? We're doing this here but accessing AD as an LDAP server. > But with klist, no ticket is displayed, so to get a Kerberos ticket, an > additional call to kinit is required. > It sounds like your /etc/krb5.conf file is correct as you are able to get Kerberos tickets. > Which configuration options can be used on SL 5.5, to get Kerberos tickets > immediately after login? > In System -> Administration -> Authentication, there is a checkbox to enable Kerberos support for Authentication as well as Configure your Kerberos settings. It's been quite a while since we set this up and I can't remember if this was sufficient or additional manual configuration was required. The important part of Kerberos getting tickets automatically is in /etc/pam.d/system-auth. Here we have the following line in the auth section: auth sufficient pam_krb5.so use_first_pass (There are similar lines in other sections.) This works for us here, and has worked with a different (ie non-AD) LDAP server. The only caveat to this, is that for this to work properly, passwords must be synchronized between LDAP and AD. If you have any other questions on this, please feel free to ask. I hope this helps. Steven Leikeim -- Steven Leikeim, GSEC-Gold | We, the willing Schulich School of Engineering | led by the unknowing Information Technologies | are doing the impossible | for the ungrateful. University of Calgary | We have done so much Calgary, Alberta | for so long with so little | we are now qualified Phone: (403) 220-5373 | to do anything with nothing.