Heimdal Kerberos Version 7.3.0 at first you have to check if your principal has renewable-tickets allowed: #serverside login into kerberos-database kadmin -l #list attributes (the attribute-section of the output should not contain something like ‘disallow-renewable’) kadmin> list -l <principal> … Continued
prerequisite 1: a working Domain-Name-System for all devices (DNS and rDNS), because the kerberos tickets uses DNS-names instead of IP-adresses. Without a working DNS resolution a connection can’t be established. myServer.com → 192.168.0.1 192.168.0.1 → myServer.com #check DNS resolution dig … Continued
prerequisite: working Kerberos configuration #/etc/krb5.conf (minimal example) [libdefaults] default_realm = <MY-REALM> [realms] <MY-REALM> = { kdc = <IP-adress> admin_server = <IP-adress> } kerberized login: #/etc/pam.conf (without support for X Desktop Environment) login auth required pam_krb5.so login account required pam_krb5.so … Continued