This is my way to authenticate SSH/SFTP on CentOS 6.3 Enterprise using Active Directory's Kerberos servers.
– Users on the local host must have exactly the same names as the users in Windows AD.
– Kerberos UDP/TCP ports should be open between the CentOS host and the AD servers.
– All passwords for local users (CentOS) must be locked.
Be sure you can resolve the name of the CentOS host by its fully qualified domain name, either from DNS or locally (/etc/hosts).
Check that your /etc/resolv.conf is configured correctly.
Locate the local users you want to authenticate using Kerberos and lock their local passwords.
As authentication will happen outside our box, all passwords on the local box must be locked. To verify this:
The iptables firewall on CentOS must permit access to the external Windows AD servers. In case you don't know, disable iptables:
Enable Kerberos authentication on SSHD.
Change this line:
Restart SSHD to apply changes.
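The two checks the steps above call for (local passwords locked, Kerberos enabled in sshd), as an added example and not the author's own commands, which are missing from this page. It assumes the sshd directive meant is `KerberosAuthentication` (a standard OpenSSH option); the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample data (not real system files) so the checks run offline.
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
cat > "$sample_dir/shadow" <<'EOF'
alice:!!$6$constructed$hash:15700:0:99999:7:::
bob:$6$constructed$hash:15700:0:99999:7:::
carol:!!:15700:0:99999:7:::
EOF
cat > "$sample_dir/sshd_config" <<'EOF'
#KerberosAuthentication no
KerberosAuthentication yes
PasswordAuthentication yes
EOF

# Print each listed user whose shadow password field is NOT locked.
# Locked means the field starts with "!" (as written by `passwd -l`) or "*".
# An empty field (no password at all) is reported as unlocked.
unlocked_users() {
    shadow_file=$1; shift
    for user in "$@"; do
        awk -F: -v u="$user" '
            $1 == u && $2 !~ /^[!*]/ { print u }
        ' "$shadow_file"
    done
}

# Succeed only if the global section of an sshd_config-style file sets the
# given directive to "yes". sshd keeps the first value it finds for a keyword,
# keywords are case-insensitive, and a "Match" line ends the global section.
sshd_option_is_yes() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        tolower($1) == "match" { exit }
        tolower($1) == key     { ok = (tolower($2) == "yes"); exit }
        END { exit !ok }
    ' "$1"
}

echo "Users still able to log in with a local password:"
unlocked_users "$sample_dir/shadow" alice bob carol
if sshd_option_is_yes "$sample_dir/sshd_config" KerberosAuthentication; then
    echo "KerberosAuthentication is enabled"
else
    echo "KerberosAuthentication is NOT enabled"
fi
```

On a real host, point the functions at /etc/shadow (as root) and /etc/ssh/sshd_config instead of the sample files.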