Ok. Guys, this is how I configure Kerberos 5
1) /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = INDEX.COM
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
INDEX.COM = {
kdc = muruga.index.com:88
admin_server = muruga.index.com:749
default_domain = index.com
}
[domain_realm]
.index.com = INDEX.COM
index.com = INDEX.COM
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
2) /etc/krb.conf
INDEX.COM
INDEX.COM muruga.index.com:88
INDEX.COM kerberos.index.com:750 admin server
3) /etc/krb.realms
.index.com INDEX.COM
4) /var/kerberos/krb5kdc/kdc.conf
[kdcdefaults]
acl_file = /var/kerberos/krb5kdc/kadm5.acl
dict_file = /usr/share/dict/words
admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
v4_mode = nopreauth
kdc_ports = 88,749
[realms]
INDEX.COM = {
master_key_type = des-cbc-crc
supported_enctypes = arcfour-hmac:normal arcfour-hmac:norealm arcfour-hmac:onlyrealm des3-hmac-sha1:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3
}
6) /var/kerberos/krb5kdc/kadm5.acl
root@INDEX.COM *
The log files are /var/log/kadmind.log, /var/log/krb5kdc.log and /var/log/krb5libs.log
7) First we create the database with this command
kdb5_util create -s
This will ask for a password. Enter it.
8) Now enter the following
kadmin.local -p root@INDEX.COM
This takes us to the kadmin console. Do as follows
kadmin.local: addprinc root@INDEX.COM
It asks for a password. Enter it.
9) Now we need to add the host principal.
kadmin.local: addprinc -randkey host/muruga.index.com
10) Now start the Kerberos server.
service krb5kdc start
service kadmin start
11) Next we need to set up the keytab file as follows.
kadmin -p root@INDEX.COM
kadmin: ktadd host/muruga.index.com
12) On the workstation, copy krb5.conf from the server to the client and use Kerberized clients like telnet and ftp.
Ok boys, that's it for now
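An added example, not part of the original post: a small Python check that reads a kdc.conf like the one in step 4 and reports the single-DES, triple-DES and RC4 enctypes it enables, which RFC 6649 and RFC 8429 deprecate. The sample config is constructed from the values above, and the function names are hypothetical.

```python
import re

# Constructed sample: the kdc.conf settings from step 4 of the post (shortened).
SAMPLE_KDC_CONF = """\
[kdcdefaults]
 v4_mode = nopreauth
 kdc_ports = 88,749
[realms]
 INDEX.COM = {
  master_key_type = des-cbc-crc
  supported_enctypes = arcfour-hmac:normal des3-hmac-sha1:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4
 }
"""

# Enctype name prefixes and the reason each family is flagged.
WEAK_PREFIXES = (
    ("des3-", "triple-DES, deprecated by RFC 8429"),
    ("des-", "single DES, deprecated by RFC 6649"),
    ("arcfour-", "RC4, deprecated by RFC 8429"),
)

def classify(enctype):
    """Return the reason an enctype is flagged, or None if it is not."""
    for prefix, reason in WEAK_PREFIXES:
        if enctype.lower().startswith(prefix):
            return reason
    return None

def audit_kdc_conf(text):
    """Return sorted (setting, enctype, reason) findings for a kdc.conf body."""
    findings = set()
    for raw in text.splitlines():
        # Only the two settings that select key encryption types are inspected.
        m = re.match(r"(master_key_type|supported_enctypes)\s*=\s*(.+)", raw.strip())
        if not m:
            continue
        setting, value = m.groups()
        for item in re.split(r"[\s,]+", value.strip()):
            enctype = item.split(":", 1)[0]  # drop the ":normal" / ":v4" salt type
            reason = classify(enctype)
            if reason:
                findings.add((setting, enctype, reason))
    return sorted(findings)

if __name__ == "__main__":
    for setting, enctype, reason in audit_kdc_conf(SAMPLE_KDC_CONF):
        print(f"{setting}: {enctype} -> {reason}")
```

Every enctype in the sample is reported; a realm limited to AES enctypes such as aes256-cts-hmac-sha1-96 produces no findings.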