installing krb5 libraries on your computer

If you are interacting with the machines at CAL from your own computer, you will probably find it useful to have a set of Kerberos 5 libraries (also called krb5) installed on your machine to facilitate secure communication with services in the CAL Kerberos Domain.

Most modern operating systems come with some reasonable version of krb5 installed.

  • on debian GNU/Linux systems and their derivatives (such as ubuntu), the packages are installed by most normal installs. However, if you can't find the krb5 utilities on your system, you can install them with:
    apt-get install krb5-user
    

Feel free to add instructions here for your favorite operating system!

krb5 configuration

You may need to modify /etc/krb5.conf on your local machine to enable you to talk to CAL. There are two ways to do this (you only need to do one!):

  • The CAL Kerberos Domain publishes its KDC choices in dns, so you can add the following lines to the [libdefaults] section of /etc/krb5.conf:
     dns_lookup_realm = true
     dns_lookup_kdc = true
     default_realm = ASTRO.COLUMBIA.EDU
    
  • You can add the following stanza to the [realms] section of /etc/krb5.conf:
     ASTRO.COLUMBIA.EDU = {
      kdc = terra.astro.columbia.edu:88
      kdc = mars.astro.columbia.edu:88
      admin_server = terra.astro.columbia.edu
      default_domain = astro.columbia.edu
     }
    

Using Kerberos

To use Kerberos or GSSAPI services at CAL once you have these libraries installed, you'll need to be able to manage your Kerberos Credentials Cache.