How to Configure Kerberos

For help or if you have questions or problems, please contact the Solution Center, 192 Parks Library, solution@iastate.edu or call IT Services at 294–4000.

Table of Contents

About Kerberos
Configuring Kerberos For Iowa State

About Kerberos

Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. A free implementation of this protocol is available from the Massachusetts Institute of Technology.

Configuring Kerberos For Iowa State

IT Services has put together a Kerberos Configuration installer that will install the Kerberos preference file that has been configured for Kerberos 5 for use at Iowa State.

You can download this Kerberos Configuration installer from http://tech.its.iastate.edu/macosx/downloads/KerberosConfig–0510.dmg (594 KB download).

To configure Kerberos 5 for use at Iowa State, double-click on the KerberosConfig–0510.dmg file if it did mount, then double-click on the KerberosConfig5.pkg installer package.

The Kerberos Preference File

The Kerberos preference file is located at /Library/Preferences/edu.mit.Kerberos and contains this information:

[libdefaults]
ticket_lifetime = 36000
default_realm = IASTATE.EDU
allow_weak_crypto = TRUE
noaddresses = TRUE
forwardable = TRUE

[realms]
IASTATE.EDU = {
    kdc = kerberos-1.iastate.edu.:88
    kdc = kerberos-2.iastate.edu.:88
    admin_server = kerberos-1.iastate.edu.
    default_domain = iastate.edu
}

[domain_realm]
.iastate.edu = IASTATE.EDU
iastate.edu = IASTATE.EDU

Last Updated July 19, 2016

IT Services Technical Notes

How to Configure Kerberos

About Kerberos

Configuring Kerberos For Iowa State

The Kerberos Preference File