Page tree


These information are provided "as-is", and might need an experienced sysadmin to implement them on a given distribution.

Should you run your system in the DESY internal network, make sure to follow the RSR rules:

and have the following form filled in:


  • Enable automatic updates for your distribution, and reboot if needed
  • Do not run distributions that are out of support.

Getting Kerberos configured as a client

  • we usually install MIT Kerberos clients
  • have a look at /etc/krb5.conf on a PAL most similar to your machine (e.g. for an EL example or for Ubuntu) to get the current parameters
  • We usually do not provide kerberos keytabs to non-IT managed systems


  • LDAP integration for DESY users and password is difficult. We suggest that you use local accounts with same name and UID/GID as your DESY account.
  • Should you need LDAP support: basic parameters for configuration are (status 6.12.2019)
    id_provider = ldap
    ldap_uri = ldap://,ldap://,ldap://
    ldap_search_base = ou=RGY,o=DESY,c=DE
    ldap_group_member = uniqueMember
    auth_provider = krb5
    krb5_server =,,
    krb5_realm = DESY.DE
  • You need to adjust PAM and /etc/security/... files

SSH client and server

  • Please have a look at /etc/ssh/ssh_config and /etc/ssh/sshd_config on a DESY configured machine

Postfix configuration


  • have a look at /etc/ntp.conf on a reference system

Network and resolution

  • should be configured by DHCP


  •  have a look at /etc/cups/client.conf on a reference system and adapt this to your group
  • No labels