← all posts

Setting up Kerberos for passwordless SSH access to UoY machines

tl;dr:

  1. install krb5-user (if it prompts you for a “default realm”, just leave it blank)

  2. add the UoY Kerberos server details to /etc/krb5.conf:

    [realms]
    YORK.AC.UK = {
        kdc = auth.york.ac.uk
        kdc = auth0.york.ac.uk
        kdc = auth1.york.ac.uk
        kdc = auth2.york.ac.uk
        admin_server = authm.york.ac.uk
    }
    
  3. get a ticket: kinit $user@YORK.AC.UK

  4. ssh -K teaching0.york.ac.uk

Further reading

Q: “why is kerberos the way it is?”
A: http://web.mit.edu/Kerberos/dialogue.html