Kerberos authencation + Certificate module

malvank · May 28, 2015, 7:16pm

Has there been any considerations to implement a kerberos module for the SME solution and secure all communication with it? I suppose this would also make sense to have a more advanced certificate module in place?

gist.github.com

https://gist.github.com/ashrithr/4767927948eca70845db

kerberos_setup.md

# Installing Kerberos on Redhat 7

This installation is going to require 2 servers one acts as kerberos KDC server
and the other machine is going to be client. Lets assume the FQDN's are (here
`cw.com` is the domain name, make a note of the domain name here):
  * Kerberos KDC Server: kdc.cw.com
  * Kerberos Client: kclient.cw.com

> Important: Make sure that both systems have their hostnames properly set and
> both systems have the hostnames and IP addresses of both systems in

This file has been truncated. show original

kerberos_ssh.md

# Setting up SSH to use Kerberos Authentication

**Pre-Req**: Make sure you can issue a `kinit -k host/fqdn@REALM` and get back a kerberos ticket without having to specify a password.

## Step1: Configuring SSH Server

Configure `/etc/ssh/sshd_config` file to include the following lines:

```
KerberosAuthentication yes

This file has been truncated. show original

filippo_carletti · May 28, 2015, 8:51pm

I think that there are plans for kerberos on NethServer 7.
A better certificate manager seems to be on the todo list since a couple of years:
http://dev.nethserver.org/issues/1743