Wichtig ist, dass in der /etc/fstab der fstype auf nfs ist, und
keinesfalls nfs4 - die version muss (wenn überhaupt) zwingend per
parameter nfsvers gesetzt werden.
Firewall
allow port 88, TCP and UDP for Kerberos v5
allow port 749, TCP and UDP for kadmin if you plan to configure it
Kerberos Ticket beim Anmelden eines Benutzers automatisch anfordern
pacman -S pam-krb5
/etc/pam.d/system-local-login
auth include system-login
auth optional pam_krb5.so minimum_uid=1000 use_first_pass
account include system-login
account optional pam_krb5.so minimum_uid=1000 use_first_pass
password include system-login
session include system-login
session optional pam_krb5.so
/etc/pam.d/sddm
auth include system-login
auth optional pam_krb5.so minimum_uid=1000 use_first_pass
account include system-login
account optional pam_krb5.so minimum_uid=1000 use_first_pass
password include system-login
session include system-login
session optional pam_krb5.so
Kerberos remote admin
Dienste starten
systemctl start krb5-kadmind.service
Admin anlegen
kadmin.local
kadmin.local: addprinc user/admin@EXAMPLE_REALM
WARNING: no policy specified for user/admin@EXAMPLE_REALM; defaulting to no policy
Enter password for principal "user/admin@EXAMPLE_REALM": ***
Re-enter password for principal "user/admin@EXAMPLE_REALM": ***
Principal "user/admin@EXAMPLE_REALM" created.