SUSE Linux Documentation Chapter 46. Installing and Administering Kerberos / 46.6. Configuring a Kerberos Client with YaST
	46.5. Manually Configuring Kerberos Clients		46.7. Remote Kerberos Administration

Configuring a Kerberos Client with YaST

As an alternative to the manual configuration described above, use YaST to configure a Kerberos client. Proceed as follows:

Log in as root and select Network Services+Kerberos Client.
Select Use Kerberos.
To configure a DNS-based Kerberos client, proceed as follows:
1. Confirm the Basic Kerberos Settings that are displayed.
2. Click Advanced Settings to configure details on ticket-related issues, OpenSSH support, and time synchronization.
To configure a static Kerberos client, proceed as follows:
1. Set Default Domain, Default Realm, and KDC Server Address to the values that match your setup.
2. Click Advanced Settings to configure details on ticket-related issues, OpenSSH support, and time synchronization.

Figure 46.1. YaST: Basic Configuration of a Kerberos Client

To configure ticket-related options in the Advanced Settings dialog, choose from the following options:

Specify the Default Ticket Lifetime and the Default Renewable Lifetime in days, hours, or minutes (using the units of measurement d, h, and m, with no blank space between the value and the unit).
To forward your complete identity to use your tickets on other hosts, select Forwardable.
Enable the transfer of certain tickets by selecting Proxiable.
Keep tickets available with a PAM module even after a session has ended by enabling Retained.
Enable Kerberos authentication support for your OpenSSH client by selecting the corresponding check box. The client then uses Kerberos tickets to authenticate with the SSH server.
Exclude a range of user accounts from using Kerberos authentication by providing a value for the Minimum UID that a user of this feature must have. For instance, you may want to exclude the system administrator (root).
Use Clock Skew to set a value for the allowable difference between the time stamps and your host's system time.
To keep the system time in sync with an NTP server, you can also set up the host as an NTP client by selecting NTP Configuration, which opens the YaST NTP client dialog that is described in Section 32.1, “Configuring an NTP Client with YaST”. After finishing the configuration, YaST performs all the necessary changes and the Kerberos client is ready for use.

Figure 46.2. YaST: Advanced Configuration of a Kerberos Client