Sunday, April 16, 2017

Learning Kerberos (again)


So I decided to refresh my Kerberos knowledge. Turned out I couldn't really describe the whole service auth process from scratch, so I started digging for a complete explanation. Didn't manage to find it in one complete, useful document, but compiled a list of great sources. The links are in the order I read 'em to obtain knowledge complete and thorough enough for my daily duties.

1. Microsoft's Basic Concepts — A good place to start, nicely laid out, but the illustrations aren't the best in 2017.
2. ELI 5 Kerberos — Not really ELI5-style after all, but this one is good to refresh the order of the actual user interaction with KDC and TGS.
3. Moron's Guide to Kerberos — Actually, I recommend reading this after the first link. Really helps to build the big picture.
4. Kerberos.org — The tech info you would still need to know after all you've read.

Nothing special, really, and the articles are easily googled in a minute, but anyway, they helped me a lot.

Sunday, February 12, 2017

Debian Jessie, Kerberos, Cross-Forest AD authentication and all that pam_regex



Had a need to allow users of forest FOREST-B to authenticate to Linux machines of forest FOREST-A. More than that, I needed to grant them sudo access. Google-fu didn't help much, as most people just need to authenticate their users inside one forest (which is well covered already and a pretty standard setup anyway). Poking around PAM and Kerberos eventually helped me complete the task.