Testing a remote connection
© 2014 Dennis Leeuw dleeuw at made-it dot com
If you used the correct SRV entries in the DNS server, all that is needed on a Kerberos client is a /etc/krb5.conf file that reads like this:
    [libdefaults]
        dns_lookup_realm = true
        dns_lookup_kdc = true

All other information needed by the client is provided by DNS.
The test is done with kinit. kinit is provided by the krb5-user package on Debian-based systems and by krb5-workstation on Red Hat-based systems. The first thing you need to do is get a ticket:
    kinit <username>

If you run kinit with, or as, a username that belongs to an existing principal, you should get no response when you type the correct Kerberos password. To check that the logon succeeded, type klist, which should respond with something like:
    Ticket cache: FILE:/tmp/krb5cc_666
    Default principal: dleeuw@EXAMPLE.COM

    Valid starting       Expires              Service principal
    09/18/2014 15:08:15  09/19/2014 15:08:15  krbtgt/EXAMPLE.COM@EXAMPLE.COM
            renew until 09/18/2014 15:08:15
kdestroy throws all tickets away.
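
The same test as a script, as an added example that is not part of the original page: it shows the SRV answers a client relies on when dns_lookup_kdc = true, runs kinit, checks the klist output for a krbtgt ticket in the expected realm, and then calls kdestroy. It assumes the MIT Kerberos client tools and dig are installed; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
# Assumes MIT Kerberos client tools (kinit, klist, kdestroy) and dig.

# srv_names REALM: SRV record names a client queries to find the KDC
# when dns_lookup_kdc = true.
srv_names() {
    printf '_kerberos._udp.%s\n_kerberos._tcp.%s\n' "$1" "$1"
}

# tgt_principal REALM: read klist output on stdin. Print the default
# principal if the cache holds krbtgt/REALM@REALM, otherwise return 1.
tgt_principal() {
    awk -v want="krbtgt/$1@$1" '
        /^Default principal:/ { princ = $3 }
        $NF == want           { found = 1 }
        END { if (found && princ != "") print princ; else exit 1 }'
}

# check_login USER REALM: show the SRV answers, get a ticket, verify it,
# and always throw the ticket away again.
check_login() {
    for name in $(srv_names "$2"); do
        echo "$name: $(dig +short -t SRV "$name" | tr '\n' ' ')"
    done
    kinit "$1@$2" || return 1          # prompts for the password
    klist | tgt_principal "$2"; rc=$?
    kdestroy
    return "$rc"
}

if [ "$#" -eq 2 ]; then
    check_login "$1" "$2"
else
    echo "usage: $0 USER REALM" >&2
fi
```

An empty answer after an SRV name means the client has no DNS route to a KDC for that realm, so kinit will fail before any password is checked.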