As an alternative to the manual configuration described above, use YaST to configure a Kerberos client. Proceed as follows:
Log in as root
and select + .
Select
.To configure a DNS-based Kerberos client, proceed as follows:
Confirm the
that are displayed.Click
to configure details on ticket-related issues, OpenSSH support, and time synchronization.To configure a static Kerberos client, proceed as follows:
Set
, , and to the values that match your setup.Click
to configure details on ticket-related issues, OpenSSH support, and time synchronization.To configure ticket-related options in the
dialog, choose from the following options:Specify the d, h, and m, with no blank space between the value and the unit).
and the in days, hours, or minutes (using the units of measurementTo forward your complete identity to use your tickets on other hosts, select
.Enable the transfer of certain tickets by selecting
.Keep tickets available with a PAM module even after a session has ended by enabling
.Enable Kerberos authentication support for your OpenSSH client by selecting the corresponding check box. The client then uses Kerberos tickets to authenticate with the SSH server.
Exclude a range of user accounts
from using Kerberos authentication by providing
a value for the root
).
Use
to set a value for the allowable difference between the time stamps and your host's system time.To keep the system time in sync with an NTP server, you can also set up the host as an NTP client by selecting Section 33.1, “Configuring an NTP Client with YaST”. After finishing the configuration, YaST performs all the necessary changes and the Kerberos client is ready for use.
, which opens the YaST NTP client dialog that is described in