There are several free Kerberos implementations, but the most widely known are probably Heimdal and MIT. We primarily use MIT here at UMBC.

Installation

Here are links to the most popular Kerberos implementations. Follow their documentation in order to install Kerberos, or if your operating system distributes its own Kerberos implementation, consult that.

• Kerberos: The Network Authentication Protocol (MIT)

• The Heimdal Kerberos 5 Implementation

Configuration

Once you've installed Kerberos, you'll need to create a configuration file. On UNIX systems this file is typically /etc/krb5.conf, but the precise location may vary; refer to your implementation's documentation. Here is a minimal sample configuration that should get you going:

krb5.conf

If you plan on using GSSAPI and Kerberos to authenticate to our GL systems, you will also want to make sure that you have the following options enabled in your SSH client configuration:

~/.ssh/config

The first option allows you to login to the GL systems using your Kerberos credentials, the second forwards them to the server in to which you're logging in (so that you can acquire AFS tokens and access your home directory).  If you're unsure where to find these lines (or where to add them), consult your SSH client documentation.

Testing

To verify that your Kerberos configuration is working, open a terminal and type the kinit command (if your local login is different from your myUMBC username, supply it as an argument to the command):

kherna1@localhost (Mac OS X 10.9.5)

Once you've successfully authenticated, you can use the klist command to verify that you've been granted a ticket:

kherna1@localhost (Mac OS X 10.9.5)