Table of Contents

Kerberos services are provided to those who have a need to access machines on the local network. In general, all new non-system users are added into Kerberos.

Kerberos Setup

There are several good guides to setting up Kerberos; they will not be repeated here. However, there are some things you will need to know. The realm that is in use is CRUSTYTOOTHPASTE.NET, and it only supports Kerberos 5.

You will need to know that the KDCs are castro.crustytoothpaste.net and blackhole.crustytoothpaste.net; the latter is the adminstrative server. Services that exist on castro will need to use the castro name; the unadorned crustytoothpaste.net will not work.

Services on the network that use Kerberos usually use GSSAPI; they never use your Kerberos password as simply a way to authenticate against PAM. Therefore, you should not need to type your Kerberos password except to log yourself in, authenticate yourself with kinit, or change your password with kpasswd.

If you use Mac OS X, you should already have Kerberos support.