Any Kerberos environment must meet the following requirements to be fully functional:
Provide a DNS server for name resolution across your network, so clients and servers can locate each other. Refer to Section 22.0, The Domain Name System, for information on DNS setup.
Provide a time server in your network. Using exact time stamps is crucial to a Kerberos setup, because valid Kerberos tickets must contain correct time stamps. Refer to Section 24.0, Time Synchronization with NTP, for information on NTP setup.
Provide a key distribution center (KDC) as the centerpiece of the Kerberos architecture. It holds the Kerberos database. Use the tightest possible security policy on this machine, so that an attack on it cannot compromise your entire infrastructure.
Configure the client machines to use Kerberos authentication.
The following figure depicts a simple example network with just the minimum components needed to build a Kerberos infrastructure. Depending on the size and topology of your deployment, you might need to use a different setup.
Figure 39-1 Kerberos Network Topology
HINT: Configuring Subnet Routing
For a setup similar to the one in Figure 39-1, configure routing between the two subnets (192.168.1.0/24 and 192.168.2.0/24). Refer to Configuring Routing for more information on configuring routing with YaST.