Firstly we need to deactivate the nastiness that is NetworkManager and switch to configuring the network interface so that it comes up at boot time and uses DHCP to get an address and DNS configuration. This is done by using the system-config-network tool as root and doing an “Edit” on the eth0 device.
After finishing the alterations the networking needs restarting with
To make sure this continues to work after a reboot, as root, do:
chkconfig --levels 2345 NetworkManager off
chkconfig --levels 2345 network on
As well as this, to get the machine to have the correct hostname and domain name, I had to edit /etc/hosts to look like:
127.0.0.1 localhost
::1 localhost
22.214.171.124 bowmore.inf.ed.ac.uk bowmore
and set the domainname like:
The next step is to start using kerberos for authentication and LDAP for user info. That is done using the system-config-authentication tool, again as root. The LDAP base DN is dc=inf,dc=ed,dc=ac,dc=uk and I used ldap://infdir.inf.ed.ac.uk for the server.
For kerberos authentication the realm is INF.ED.AC.UK. I didn’t list any KDCs but rather ticked both options to use DNS. The admin server is
If you don’t have AFS available then on the “Options” tab you probably want to select “Create home directories on first login”.
I can never be bothered with typing in my password all the time, so the next step is to get kerberos up and running and then configure openssh appropriately. Nicely, Fedora finally includes all the patches provided by Simon, which we have been applying locally for years, so no rebuilding is necessary.
The next step is to grab the host principals for the specific machine. If it is a new machine you will need to create it first; if it already exists then (as root) you can do something like:
kadmin -p squinney/admin \
  -q 'ktadd -k /etc/krb5.keytab host/foo.inf.ed.ac.uk'
kadmin -p squinney/admin \
  -q 'ktadd -k /etc/krb5.keytab hostclient/foo.inf.ed.ac.uk'
You can now configure openssh to work like a normal DICE machine. You will need to copy over /etc/ssh/sshd_config to your f12 machine. Note that the daemon config file is only visible to root. After reconfiguration, restart sshd.
It should now be possible to ssh in without a password!
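
Before testing the login it is worth confirming that the keytab really holds both principals for the machine's fully qualified name and that sshd has GSSAPI authentication switched on. The script below is an added example, not part of the original post; the function names and sample listings are constructed, and it assumes the copied sshd_config enables GSSAPIAuthentication.

```shell
#!/bin/sh
# Added example (not from the original post): sanity checks before testing ssh.
REALM="INF.ED.AC.UK"                    # realm named in the post

# Reads `klist -k` output on stdin and prints every expected principal
# (host/ and hostclient/ for the given FQDN) that the keytab lacks.
missing_principals() {
    fqdn=$1
    listing=$(cat)
    for svc in host hostclient; do
        want="$svc/$fqdn@$REALM"
        # Field 2 of each entry line is the principal; require an exact match.
        printf '%s\n' "$listing" |
            awk -v p="$want" '$2 == p { found = 1 } END { exit !found }' ||
            printf '%s\n' "$want"
    done
}

# Reads `sshd -T` (effective configuration) output on stdin; succeeds only
# if GSSAPI authentication is enabled.
gssapi_enabled() {
    awk '$1 == "gssapiauthentication" && $2 == "yes" { ok = 1 } END { exit !ok }'
}

# Constructed sample: keytab listing for a machine that only got the host/ key.
SAMPLE_KLIST='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ------------------------------------------------
   2 host/foo.inf.ed.ac.uk@INF.ED.AC.UK
   2 host/foo.inf.ed.ac.uk@INF.ED.AC.UK'

# Constructed sample: fragment of `sshd -T` output.
SAMPLE_SSHD='port 22
gssapiauthentication yes
passwordauthentication yes'

echo "missing from sample keytab:"
printf '%s\n' "$SAMPLE_KLIST" | missing_principals foo.inf.ed.ac.uk
printf '%s\n' "$SAMPLE_SSHD" | gssapi_enabled && echo "GSSAPI auth enabled"

# On the real machine, as root:
#   klist -k /etc/krb5.keytab | missing_principals "$(hostname -f)"
#   sshd -T | gssapi_enabled || echo "GSSAPIAuthentication is off"
```

If `hostname -f` returns only the short name because /etc/hosts is wrong, both principals are reported missing even though the keytab is fine.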