Novell LINUX ENTERPRISE SERVER 10 - INSTALLATION AND ADMINISTRATION 04-08-2006 Installation Manual page 866

Services such the SSH daemon read this key and use it to obtain new tickets automati-
cally when needed. The default keytab file resides in /etc/krb5.keytab.
To create a host principal for test.example.com, enter the following commands
during your kadmin session:
kadmin -p newbie/admin
Authenticating as principal newbie/admin@EXAMPLE.COM with password.
Password for newbie/admin@EXAMPLE.COM:
kadmin:
WARNING: no policy specified for host/test.example.com@EXAMPLE.COM;
defaulting
to no policy
Principal "host/test.example.com@EXAMPLE.COM" created.
Instead of setting a password for the new principal, the -randkey flag tells kadmin
to generate a random key. This is used here because no user interaction is wanted for
this principal. It is a server account for the machine.
Finally, extract the key and store it in the local keytab file /etc/krb5.keytab.
This file is owned by the superuser, so you must be root to execute the next command
in the kadmin shell:
kadmin:
Entry for principal host/test.example.com with kvno 3, encryption type Triple
DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab.
Entry for principal host/test.example.com with kvno 3, encryption type DES
cbc mode with CRC-32 added to keytab WRFILE:/etc/krb5.keytab.
kadmin:
When completed, make sure that you destroy the admin ticket obtained with kinit above
with kdestroy.
47.9 Enabling PAM Support for
SUSE® Linux Enterprise comes with a PAM module named pam_krb5, which supports
Kerberos login and password update. This module can be used by applications, such
as console login, su, and graphical login applications like KDM, where the user presents
a password and would like the authenticating application to obtain an initial Kerberos
ticket on his behalf.
866 Installation and Administration
addprinc -randkey host/test.example.com
ktadd host/test.example.com
Kerberos