LDAP Kerberos authentication on linux

Asked Jul 31 '15 at 08:07

Active Jul 31 '15 at 08:07

Viewed 626 times

I have configured my RHEL linux machine to be authenticated against active directory without being joining it to domain, using nss-pam-ldapd pam_ldap samba-winbind openldap-devel krb5-devel. I am able to login on linux machines using active directory accounts, but I am not sure if the kerberos is being used during authentication, because I dont see the TGT in linux machine's local cache, but when I use "kinit username" and then check with klist I do see the TGT. I am little confused, on how to confirm if the kerberos is being used or not.

Thanks, Subodh.

asked Jul 31 '15 at 08:07

Subodh

You could run tcpdump/tshark on the RHEL host console and see if any kerberos connections go on while you log on in another window. I suspect you are logging on via LDAP, though – Andy Jul 31 '15 at 10:40
Hi, Thanks, I did check that with tcpdump -I eth1 port 88 and I get below response. 16:16:11.668583 IP MyLinuxBox.46509 > MyWindowsDomainController.kerberos: v5 16:16:11.669810 IP MyWindowsDomainController.kerberos > MyLinuxBox.46509: I think its using kerberos. :-) – Subodh Aug 27 '15 at 14:20

LDAP Kerberos authentication on linux

0 Answers0