I am outlining the steps for setting up Kerberos on Ubuntu for Integrated Authentication. The Kerberos packages are installed by default on macOS, and the configuration on macOS is the same as Ubuntu. I have tested these steps with Integrated Auth of our development version of SqlClient on Ubuntu1404, 1604 and macOS.
Joining the domain on linux doesn’t guarantee a Kerberos ticket will be generated for use by GSSAPI. The following are the minimum steps necessary to test Integrated Auth on Linux. For further automation where the tickets may need to be renewed on a regular basis or without human intervention, the users can use the KeyTab file.
For Integrated Authentication setup on Linux
-
Install krb5-user package using apt-get. This would provide the kinit command the configurations needed to interact with Active Directory.
-
Configure the KDC in krb5.conf file. You could also get the KDC details from the domain controller admin of the organization.