This information is out of date. Up-to-date IT information can be found here

Kerberos

The kerberos realm is a part of the Samba AD implementation, the realm name is AD.PUMPINGSTATIONONE.ORG.

PS1 Kerberos Client config:

/etc/krb5.conf

[libdefaults]
        default_realm = AD.PUMPINGSTATIONONE.ORG
        ticket_lifetime = 24h
        forwardable = yes
        kdc_timesync = 1
        ccache_type = 4
        forwardable = true
        proxiable = true
        verify_ap_req_nofail = false
        check_pac = no
        kdc_timeout = 2
        max_retries = 1
        dns_lookup_realm = false

[realms]
        AD.PUMPINGSTATIONONE.ORG = {
                default_domain = ad.pumpingstationone.org
                kdc = bob.ad.pumpingstationone.org
                kdc = dc01.ad.pumpingstationone.org
                admin = bob.pumpingstationone.org
        }

[domain_realms]
        ad.pumpingstationone.org = AD.PUMPINGSTATIONONE.ORG
        .ad.pumpingstationone.org = AD.PUMPINGSTATIONONE.ORG

Apache SSO

Note: Replace 'rack' with host name of server.

Setting up the keytab:

msktutil -u -s HTTP --server bob
cp  /etc/krb5.keytab /usr/local/etc/apache24/krb5.keytab
ktutil -k /usr/local/etc/apache24/krb5.keytab remove -p rack\$
ktutil -k /usr/local/etc/apache24/krb5.keytab remove -p host/rack.ad.pumpingstationone.org
chown www /usr/local/etc/apache24/krb5.keytab

Configure Auth:

<Location />
            Authtype Kerberos
            AuthName "AD.PUMPINGSTATIONONE.ORG"
            KrbAuthoritative on
            KrbServiceName  HTTP/rack.ad.pumpingstationone.org
            Krb5Keytab /usr/local/etc/apache24/krb5.keytab
            KrbAuthRealms AD.PUMPINGSTATIONONE.ORG
            KrbMethodk5Passwd on
            KrbMethodNegotiate on
            Require valid-user
</Location>

SSH SSO

To enable kerberos SSO for your SSH client add the following lines to ~/.ssh/config

GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
PreferredAuthentications gssapi-with-mic,publickey,keyboard-interactive,password