Kerberos

The Active Directory of the D.ETHZ.CH domain provides the Kerberos service for ETH. Kerberos can be used just to verify authentication but also to access NFS4 (and CIFS) shares on Linux systems.

Kerberos uses tickets with a limited life time that can be used instead of a password for authentication. To get a ticket an ETH user name and the ETH password for email is needed.

Kerberos works best if only ETH user name names are used, also for local users.

Configuration

Configuring Kerberos on a Linux system can be simple or extensive, depending on what is needed:

Obtaining Tickets

A local user can use the kinit, klist and kdestroy utilities once the minimal configuration is done.

To get a ticket run

kinit

To list your ticket(s) run:

klist

To destroy your ticket run:

kdestroy

For security reasons it is good practice to destroy tickets when not needed anymore, expecially on multi-user systems.

Page URL: https://isg.inf.ethz.ch/bin/view/Main/HelpDesktopsAndLaptopsLinuxKerberos
2024-03-29
© 2024 Eidgenössische Technische Hochschule Zürich