Native FreeBSD Kerberos/LDAP with FreeIPA/IDM
7 days ago
- #FreeBSD
- #FreeIPA
- #Kerberos
- Article credits Christian Hofstede-Kuhn (Larvitz) for the original work on integrating FreeBSD 15 with FreeIPA.
- Motivations include maintaining personal documentation, providing detailed commands/outputs, and enabling local console login.
- FreeBSD 15.0-RELEASE's switch from Heimdal to MIT Kerberos enables this new method.
- Previous methods required custom package compilations and complex setups with sssd(8).
- New method uses MIT Kerberos and nslcd(8) from net/nss-pam-ldapd (LGPL21/LGPL3 licensed).
- Steps include switching the pkg repository, installing the necessary packages, and configuring DNS and /etc/hosts.
- Keytab setup and verification for Kerberos authentication.
- Configuration of nslcd(8) for LDAP and modification of /etc/nsswitch.conf for LDAP integration.
- SSH setup for Kerberos/GSSAPI authentication and automatic home directory creation with pam_mkhomedir.so.
- sudo(8) and doas(1) configurations that grant privileges to the wheel group.
- Enabling console login for FreeIPA users by modifying /etc/pam.d/system.
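The bullets above summarize one procedure whose end state is easy to get subtly wrong (a keytab readable by everyone, a passwd line in nsswitch.conf that never reaches nslcd, a pam_mkhomedir line left commented out). The following post-configuration audit is an added example written for this page; it is not code from the original article or from the FreeBSD/FreeIPA projects. It assumes the MIT Kerberos default keytab path /etc/krb5.keytab, the FreeBSD PAM files /etc/pam.d/sshd and /etc/pam.d/system, the nslcd rc service name from net/nss-pam-ldapd, and that console authentication is done through either pam_krb5.so or pam_ldap.so; adjust the patterns if the article's configuration differs. Each check takes a file path as its argument so the logic can be exercised against copies of the files before touching a live host.

```shell
#!/bin/sh
# Post-configuration audit for the FreeBSD + FreeIPA integration steps summarized above.
# Added example (not from the article). Assumed paths and module names are marked below.

# check_keytab FILE: keytab exists and carries no group/other permission bits.
# Uses ls(1) output so it works with both BSD and GNU stat(1) absent.
check_keytab() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# check_nsswitch FILE: passwd and group must list both "files" (local accounts
# still resolve) and "ldap" (answered by nslcd) as sources.
check_nsswitch() {
    f=$1
    for db in passwd group; do
        grep -Eq "^${db}:.*[[:space:]]files([[:space:]]|$)" "$f" || return 1
        grep -Eq "^${db}:.*[[:space:]]ldap([[:space:]]|$)" "$f" || return 1
    done
    return 0
}

# check_pam_mkhomedir FILE: an active (uncommented) session line loads
# pam_mkhomedir.so, with or without an absolute path such as /usr/local/lib/.
check_pam_mkhomedir() {
    grep -Eq '^[[:space:]]*session[[:space:]]+(required|optional)[[:space:]]+([^[:space:]]*/)?pam_mkhomedir\.so' "$1"
}

# check_pam_auth FILE: an active auth line consults Kerberos or LDAP, which is
# what lets a FreeIPA user log in on the console. Assumption: pam_krb5.so or
# pam_ldap.so is the module the article's /etc/pam.d/system change adds.
check_pam_auth() {
    grep -Eq '^[[:space:]]*auth[[:space:]]+(sufficient|required|requisite)[[:space:]]+([^[:space:]]*/)?(pam_krb5|pam_ldap)\.so' "$1"
}

# run_audit: run every check against the live system paths (assumed defaults).
# Prints one line per step and returns 1 if any step failed.
run_audit() {
    rc=0
    if check_keytab /etc/krb5.keytab; then echo "ok   keytab mode";
    else echo "FAIL /etc/krb5.keytab missing or readable by group/other"; rc=1; fi
    if check_nsswitch /etc/nsswitch.conf; then echo "ok   nsswitch passwd/group use files+ldap";
    else echo "FAIL /etc/nsswitch.conf passwd or group lacks files/ldap"; rc=1; fi
    if check_pam_mkhomedir /etc/pam.d/sshd; then echo "ok   sshd creates home directories";
    else echo "FAIL /etc/pam.d/sshd has no active pam_mkhomedir.so session line"; rc=1; fi
    if check_pam_auth /etc/pam.d/system; then echo "ok   console auth consults Kerberos/LDAP";
    else echo "FAIL /etc/pam.d/system has no active pam_krb5.so/pam_ldap.so auth line"; rc=1; fi
    # nslcd must actually be running for the ldap source in nsswitch.conf to answer.
    if service nslcd status >/dev/null 2>&1; then echo "ok   nslcd running";
    else echo "FAIL nslcd not running (service nslcd status)"; rc=1; fi
    return $rc
}

# Invoke as: sh audit.sh --run   (checks are callable individually when sourced)
if [ "${1:-}" = "--run" ]; then
    run_audit
fi
```

Run it after the last step of the procedure; a clean result is five "ok" lines. The keytab check is deliberately strict: a FreeIPA host keytab is a credential, so any group or world read bit is reported as a failure rather than a warning.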