[Howto] KERBEROS and PAM – www.ronny-mueller.com

prerequisite: working Kerberos configuration

#/etc/krb5.conf (minimal example)
[libdefaults]
 default_realm = <MY-REALM>

[realms]
<MY-REALM> = {
   kdc = <IP-adress>
   admin_server = <IP-adress>
 }

kerberized login:

#/etc/pam.conf (without support for X Desktop Environment)
login auth     required    pam_krb5.so
login account  required    pam_krb5.so
login password sufficient  pam_krb5.so
login session  required    pam_krb5.so

#/etc/pam.conf (with support for X Desktop Environment)
login auth     required    pam_krb5.so
login account  required    pam_krb5.so
login password sufficient  pam_krb5.so
login session  required    pam_krb5.so
login session  required    pam_systemd.so

kerberized su:

#/etc/pam.conf
su auth     required   pam_krb5.so
su account  required   pam_krb5.so
su password sufficient pam_krb5.so
su session  required   pam_krb5.so
su session  required   pam_systemd.so