命令:
sudo apt-get install krb5-user
查看kinit 是否安装:
which kinit
配置文件:
krb5.conf放到/etc目录下
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = XIAONEI.OPI.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 96h
forwardable = yes
[realms]
XIAONEI.OPI.COM = {
kdc = kerberos.opi.com:88
kdc = kerberos2.opi.com:88
admin_server = kerberos.opi.com:749
default_domain = opi.com
}
[domain_realm]
.opi.com = XIAONEI.OPI.COM
opi.com = XIAONEI.OPI.COM
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
确认启用了GSSAPIAuthentication认证
/etc/ssh/ssh_conf 中的 GSSAPIAuthentication yes
如果需要票据漫游 把 GSSAPIDelegateCredentials 也设为 yes
登陆服务器
ssh root@10.4.16.222