> It depends on what the expectations are for these user-owned machines.
>
>
> Only expectation is to be able to log in to a server, get access to
> their home directory and be able to do their assignments, e.g., C++,
> Java or Python programming.
>
>
> If you don't need IPA identities and IPA users won't log into them, then
> they only need a working krb5.conf and DNS configured on them.
>
>
> So each device needs to drop in the krb5.conf file from the FreeIPA
> server? How does this work on a Windows client?
From the server? I wouldn't. It is likely going to need some hand-tuning
depending on your configuration. For example the server is going to have
a hardcoded KDC in it. You may or may not want that.
>
> So your students would log into their own controlled machine using their
> own local account, kinit student123@univ.edu
> <mailto:student123@univ.edu> and ssh using their
> credentials.
>
> The krb5.conf will tell the student machine how to contact the KDC.
> That's all that is necessary (beyond working DNS).
>
>
> I just tried this on another Fedora 33 workstation, dropped in the
> /etc/krb5.conf file and all I get is:
> kinit: No KCM server found while getting default ccache
You can comment the values out in /etc/krb5.conf.d/kcm_default_ccache to
change the default ccache type, or comment out the includes in krb5.conf
(probably easier).
> I'm puzzled as to what we'd need to tell/provide to a student, who is
> enrolled remotely and can't come on campus, to be able to connect to our
> server via their Windows or Mac laptop.
I don't know about Windows. I used the Windows MIT Kerberos packages a
decade or more ago and they worked fine with PuTTY (and IPA with
discovery) but whether that applies now or not I have no idea.
Mac I think should work similar to Linux: provide a krb5.conf and things
should just work. Again, you'll likely have to tweak the configuration
depending on what version of MIT Mac ships these days.
kinit --version
kinit (Heimdal 1.5.1apple1)
kinit: krb5_get_init_creds: unable to reach any KDC in realm OURDOMAIN.EDU, tried 0 KDCs