Jun 28


1.)  Make sure that Kerberos is installed on your linux distribution

2.)  Add the following to your /etc/krb5.conf file:

a.) [libdefaults]

default_realm = EXAMPLE.COM

rdns = no



kdc = example.com:88

admin-server = example.com

default_domain = example.com



.example.com = EXAMPLE.COM

2.)  run the following command “kinit domainUser”

ex.)  kinit jdoe

3.)  Put in the password when it prompts you.

5.)  run the following command “klist”  this shows your kerberos ticket.

If  you are using firefox for Single Sign On purposes then do the following:

6.)  Then open up firefox and go to about:config

7.)  then put in your site name for the following field “network.negotiate-auth.trusted-uris”


8.)  Make sure that the following: network.negotiate-auth.using-native-gsslib is set to true.

9.)  Make sure that your dns is pointed to the correct server as well.

10.)  Make sure that you have added uppercase and lowercase entries to your /etc/hosts file for your kerberos server.

11.)  Now you should be able to open up your website and click to authenticate using  kerberos.


If you are using Internet Explorer for Single Sign On purposes then do the following:

1.)  Join your computer to your kerberos Domain.

2.)  login to your pc using a kerberos domain user.

3.)  Setup the following for IE:

a.)  go to Tools -> Internet Options -> Click on the “Security” tab.

b.) Click on “Local Intranet” and then “Sites”

c.) Then Click on “Advanced”, Enter your site address here and click “Add”, then “Close”

4.)  Now you should be able to authenticate to your site using kerberos.

Leave a Reply

preload preload preload