Configuring CentOS 6 for SSH and Kerberos

Get the krb5.conf

CentOS has the Kerberos tools installed by default. So no need to install those. First we'll need the krb5.conf configuration file. We probably don't need the whole configuration prepared by the CS, but it doesn't hurt to have it around either. Let's steal the file from hulk (sorry, you'll still have to login with a password):

sudo scp your_cs_id@hulk:/etc/krb5.conf /etc/krb5.conf

If you are running as root, you can omit the sudo prefix.

Install AFS tools

In order to use the Kerberos credentials to access the AFS file system, we need to install some AFS tools. But first, add a repository with the packages of those tools:

sudo vim /etc/yum.repos.d/openafs.repo

Copy the following lines to /etc/yum.repos.d/openafs.repo:

[openafs]
name=OpenAFS 1.6.1 for RHEL $releasever - $basearch
baseurl=http://dl.openafs.org/dl/openafs/1.6.1/rhel-$releasever/$basearch/
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-OPENAFS
priority=10

Now install the openafs-krb5 package:

sudo yum install openafs-krb5

And finally, create a configuration file for the AFS tools:

sudo mkdir /usr/vice
sudo mkdir /usr/vice/etc
sudo vim /usr/vice/etc/ThisCell

Copy the following line into file ThisCell:

cs.stanford.edu

}

Configure the SSH client

Open the SSH client configuration file:

sudo vim /etc/ssh/ssh_config

And make sure that the following is set:

Host *
   GSSAPIAuthentication yes
   GSSAPIDelegateCredentials yes
   GSSAPIKeyExchange yes