Configuring Kerberos authentication on Red Hat Enterprise Linux 8 or later

To ensure secure communication between the Linux BigFix server and Active Directory, use the Kerberos protocol.

To integrate the Linux BigFix server with the Windows Active Directory domain using LDAP with Kerberos authentication, perform the following steps:
  1. Ensure that the host names are set correctly in both the Linux BigFix server and the Active Directory server.
  2. Manually configure the krb5.conf file.

Preliminary checks

Before running the integration between the BigFix server running on a Red Hat Enterprise Linux 8 or later system and the Active Directory server, ensure the following.
  • Red Hat Enterprise Linux is at release 8.9 or higher.
  • The DNS host names of both the Red Hat Enterprise Linux system and the Active Directory server resolve correctly.

Manually configure the krb5.conf file

Edit the /etc/krb5.conf file and add the following lines, replacing "TEM.TEST.COM", "tem.test.com" and "myHostName.tem.test.com" with the domain and hostname in your environment (note that the case must be respected).

If you are not using the default ports (88 and 749 respectively), remember to specify the ports in the "kdc" and "admin_server" values:
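# default_realm belongs in the [libdefaults] section; if the file already has one, set it there
[libdefaults]
 default_realm = TEM.TEST.COM

[realms]
 TEM.TEST.COM = {
  kdc = myHostName.tem.test.com
  admin_server = myHostName.tem.test.com
 }

[domain_realm]
 tem.test.com = TEM.TEST.COM
 .tem.test.com = TEM.TEST.COM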
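
A lint for the settings described above, as an added example that is not part of the original page or of BigFix. The function name check_krb5_conf is hypothetical, and the sample file is constructed with a lower-case realm in [domain_realm] to show why the case must be respected.

```sh
# check_krb5_conf FILE: hypothetical helper (not a BigFix or MIT Kerberos tool).
# Prints one line per problem and returns non-zero if any were found.
check_krb5_conf() {
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    function bad(msg) { print msg; errs++ }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }          # comments and blank lines
    /^[ \t]*\[/ {                                 # section header such as [realms]
        sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); stanza = ""; next
    }
    /^[ \t]*[}]/ { stanza = ""; next }            # end of a realm stanza
    {
        eq = index($0, "=")
        if (eq == 0) { bad("line " NR ": not a key = value relation"); next }
        key = trim(substr($0, 1, eq - 1)); val = trim(substr($0, eq + 1))
        if (sec == "") bad("line " NR ": " key " is outside any [section]")
        else if (sec == "libdefaults" && key == "default_realm") realm = val
        else if (sec == "realms" && val == "{") { stanza = key; defined[key] = 1 }
        else if (sec == "realms" && stanza != "" && key == "kdc") kdc[stanza] = 1
        else if (sec == "domain_realm") { map[key] = val; line[key] = NR }
    }
    END {
        if (realm == "") bad("no default_realm in [libdefaults]")
        else if (!(realm in defined)) bad("no [realms] stanza named exactly " realm)
        else if (!(realm in kdc)) bad("realm " realm " has no kdc entry")
        for (d in map) if (!(map[d] in defined))
            bad("line " line[d] ": " d " maps to " map[d] ", not a defined realm (case-sensitive)")
        exit (errs > 0)
    }' "$1"
}

# Constructed sample: the first [domain_realm] target is lower case, so it names no defined realm.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[libdefaults]
 default_realm = TEM.TEST.COM
[realms]
 TEM.TEST.COM = {
  kdc = myHostName.tem.test.com
  admin_server = myHostName.tem.test.com
 }
[domain_realm]
 tem.test.com = tem.test.com
 .tem.test.com = TEM.TEST.COM
EOF
check_krb5_conf "$sample" || echo "krb5.conf needs fixing"
rm -f "$sample"
```

Run the function against /etc/krb5.conf after editing; no output and a zero exit status mean these checks passed.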