39.0 Installing and Administering Kerberos

A Kerberos environment, as described in Section 38.0, Network Authentication—Kerberos, consists of several different components. A key distribution center (KDC) holds the central database with all Kerberos-relevant data. All clients rely on the KDC for proper authentication across the network. Both the KDC and the clients need to be configured to match your setup:

General Preparations

Check your network setup and make sure it meets the minimum requirements outlined in Section 39.1, Kerberos Network Topology. Choose an appropriate realm for your Kerberos setup (see Section 39.2, Choosing the Kerberos Realms). Carefully set up the machine that is to serve as the KDC and apply tight security (see Section 39.3, Setting Up the KDC Hardware). Set up a reliable time source in your network to make sure all tickets contain valid timestamps (see Section 39.4, Configuring Time Synchronization).

Basic Configuration

Configure the KDC and the clients (see Section 39.5, Configuring the KDC, and Section 39.6, Configuring Kerberos Clients). Enable remote administration for your Kerberos service, so you do not need physical access to your KDC machine (see Section 39.7, Configuring Remote Kerberos Administration). Create service principals for every service in your realm (see Section 39.8, Creating Kerberos Service Principals).

Enabling Kerberos Authentication

Various services in your network can make use of Kerberos. To add Kerberos password-checking to applications using PAM, proceed as outlined in Section 39.9, Enabling PAM Support for Kerberos. To configure SSH or LDAP with Kerberos authentication, proceed as outlined in Section 39.10, Configuring SSH for Kerberos Authentication, and Section 39.11, Using LDAP and Kerberos.