Start by installing the necessary packages:
apt-get install krb5-user libnss-ldap libpam-krb5 libpam-ldap openafs-client openafs-modules-dkms libpam-afs-session
Modify /etc/pam_ldap.conf and /etc/libnss-ldap.conf to look like this:
base dc=example,dc=com
uri ldap://ip.to.ldap.host
ldap_version 3
Add ldap to passwd and group lines in /etc/nsswitch.conf, it should now look like this:
passwd: compat ldap
group: compat ldap
shadow: compat
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
Add host principal, (the reverse dns for client must also point towards it’s hostname (client.domain)):
kadmin -p root/admin
addprinc -randkey host/client.domain
ktadd host/client.domain
Enable GSSAPI Authentication in SSH server by this to /etc/ssh/sshd_config
GSSAPIAuthentication yes
Also enable GSSAPI in the SSH client by adding this to /etc/ssh/ssh_config:
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes