I’ve been trying to get Kerberos and LDAP working such that I can share users between multiple machines on a network, similar to how a traditional Windows AD domain would work, except in my case all machines will be Linux.
I’ve got as far as setting up Kerberos on the server and a test client with the domain/realm TEST(DOT)RHYSPERRY(DOT)COM. I can confirm it’s working, as I can use kinit on the test client to get a ticket for a user principal created on the server.
I’m currently struggling, however, with how I would get this configured to the point where I can create a user on the server and then fully log in as that user from the client machine, e.g. from gdm. I’ve had a look around, and most articles seem to suggest that LDAP can be used for this; however, I’ve so far been unsuccessful in configuring LDAP to work with Kerberos. The Arch Wiki article for LDAP doesn’t mention Kerberos at all.
I also recognize that I might want to spin up another server (the entire network and all the machines are virtual for now while I test things) for storage, e.g. for an NFS /home mount.
Any tips or pointers are appreciated. I’ve not been able to find any articles that cover the entirety of the process from start to finish, so it’s kinda hard to understand how every bit fits together.
Both the server and all the clients will be running Arch. (Yes, I know, but it’s what I’m familiar and comfortable with.)
Note: the domain redirects to a rickroll from the internet (I forgot about that), but I’m only using Kerberos on my local network, so it’s fine.
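The usual way to glue the two pieces described in this post together on a Linux client is a single NSS/PAM provider that takes identity (uid, gid, home directory, shell) from LDAP and authentication from the Kerberos KDC; SSSD is the common choice. The configuration below is an added example for illustration and is not from the post or the Arch Wiki. It assumes a realm of TEST.RHYSPERRY.COM (the realm named in the post), an LDAP base DN of dc=test,dc=rhysperry,dc=com, and the hostnames kdc.test.rhysperry.com and ldap.test.rhysperry.com; all of those names are placeholders to be replaced with the real ones.

```ini
; /etc/sssd/sssd.conf  (added example; must be mode 0600, owned by root)
; Hostnames, base DN and CA path below are assumptions, not values from the post.

[sssd]
config_file_version = 2
services = nss, pam
domains = test.rhysperry.com

[domain/test.rhysperry.com]
; Identity (passwd/group entries) comes from LDAP, so the client can resolve
; the user's uid, gid, home directory and shell before any password is checked.
id_provider = ldap
ldap_uri = ldaps://ldap.test.rhysperry.com
ldap_search_base = dc=test,dc=rhysperry,dc=com
; Require a verified TLS certificate for the directory; 'allow' or 'never'
; here would let an attacker on the LAN feed the client fake identity data.
ldap_tls_reqcert = demand
ldap_tls_cacert = /etc/ssl/certs/ca-certificates.crt

; Authentication and password changes go to the Kerberos KDC, so the LDAP
; directory does not need to hold any password hashes at all.
auth_provider = krb5
chpass_provider = krb5
krb5_realm = TEST.RHYSPERRY.COM
krb5_server = kdc.test.rhysperry.com
; Validate the TGT against the host keytab to stop KDC spoofing; this needs a
; host/client.test.rhysperry.com principal in /etc/krb5.keytab on the client.
krb5_validate = true
; Put the ticket cache in the kernel keyring so an NFS /home with sec=krb5
; can find the user's credentials after login.
krb5_ccname_template = KEYRING:persistent:%U

; Allow logins while the server is unreachable, using cached credentials.
cache_credentials = true
; Create the home directory on first login if /home is local rather than NFS.
fallback_homedir = /home/%u
```

With this in place, `sss` is added to the passwd, group and shadow lines of /etc/nsswitch.conf, and pam_sss.so is added to the auth, account, password and session stacks in the PAM configuration that gdm's stack includes (on Arch that is /etc/pam.d/system-auth); the Arch Wiki's SSSD article covers those two steps. A quick check before touching PAM at all is `getent passwd someuser` on the client: if that returns the LDAP entry, identity lookup works, and the only remaining question is authentication.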