- Download the pam_krb5 library from SourceForge. This is the PAM authentication library necessary for Kerberos 5 to work in a PAM enabled service.
- Extract and Compile: I extracted the file in my Downloads directory and then compiled it right there. Be sure you have Xcode installed, because you will need gcc. I compiled it on a local machine and then copied the library to my server. Once you run ./configure and get it to pass, just run make. The library will be placed in the .lib directory (which is hidden). You can then copy the pam_krb5.so file to the necessary spot or to a jump drive to drop on your server.
- Place the pam_krb5.so module into the /usr/lib/pam/ directory on the server. SSH gets its authentication information through PAM, so having the library here is crucial.
- Edit the /etc/pam.d/sshd configuration file to look like the following: #sshd: auth account password session auth required pam_nologin.so auth optional pam_afpmount.so auth sufficient pam_securityserver.so auth sufficient pam_krb5.so auth sufficient pam_unix.so auth required pam_deny.so account required pam_securityserer.so password required pam_deny.so session required pam_launchd.so session sufficient pam_krb5.so session optional pam_afpmount.so
- On your Mac OS X computer, create (if you don't have one already) a config file in your ~/.ssh/ directory with the following command: GSSAPIAuthentication yes
And that's it! You can now log into any kerberized server using SSH, not need a password, or even build a public-private key structure.