Installing Fermi Kerberos
on a UNIX System
Note that you can install and use Kerberos software from any source, as long
as it is configured properly to comply with the Fermilab Computing Policy.
Before You Install Kerberos
Choose your Installation Method:
UPD or RPM
UPS/UPD (We recommend this for people running servers in the UPS
framework. ). Advantages:
- ease of use for UPS/UPD configurations
- lots of debugging has been done
- much accumulated wisdom on steps that need to be checked to satisfy the
FNAL policy requirements.
RPM (We recommend this installation for people using the
stock FRHL configuration.). Two pros and a con:
- the potential for automatic updates via the AutoRPM service
- the closer alignment with stock RH product management tools
- increased ease of use for non-FNAL/non-UPS/UPD configurations
Pre-install Steps
|
Obtain a Kerberos principal for yourself
|
Go to: Form to
Request Kerberos Principal and/or Related Items |
|
Create an account on the machine that matches your principal
|
|
|
Determine if you need to allow incoming login or FTP over the network and/or
offer services. If so, you need to obtain host and service principals.
|
|
|
Synchronize your machine with a time server
|
|
Installing Kerberos
Kerberos installation steps for a variety of systems are documented in parts
IV and V of the manual. Here is a
list of steps for installing Fermi RedHat Linux 6.x or 7.x (fully documented in
Chapter
15: Installing Fermi Kerberos on a RedHat Linux System).
- Install Fermi RedHat
Linux; instructions at
http://www.fnal.gov/cd/unix/linux/
- Install AFS (optional)
- Install Kerberized ssh
- Install the RedHat Linux
RPMs for the libraries and other files that the KRB5 PAMs rely on.
- Install kerberos, and perform the
configuration steps as outlined in manual.
Lots of information has been exchanged on the
kerberos-users@fnal.gov
mailing list regarding Kerberos installations.
