es:howtos:network_services:kerberizing_slackware_without_pam [2019/02/11 12:16 (UTC)] – created slackwarespanol | es:howtos:network_services:kerberizing_slackware_without_pam [2019/02/15 19:33 (UTC)] – [Fuentes] slackwarespanol |
---|
| <note warning>En proceso. Victor</note> |
<!-- Add your text below. We strongly advise to start with a Headline (see button bar above). --> | <!-- Add your text below. We strongly advise to start with a Headline (see button bar above). --> |
====== Install and configuring kerberos On Slackware without PAM ====== | ====== Instalar y configurar kerberos en Slackware sin PAM ====== |
| |
==== The KDC ==== | ==== El KDC ==== |
This procedure will result in a new Kerberos realm. If you already have access to a Kerberos KDC, you can skip to the client and application server parts. Also, the below procedure is very abbreviated and is not a substitute for reading the documentation supplied in the package or on the MIT Kerberos website. | Este procedimiento dará lugar a un nuevo dominio de Kerberos. Si ya tiene acceso a un KDC de Kerberos, puede saltar a las partes del cliente y del servidor de aplicaciones. Además, el siguiente procedimiento es muy breve y no sustituye la lectura de la documentación suministrada en el paquete o en el sitio web de MIT Kerberos. |
- Install krb (you can download and build it from http://slackbuilds.org/repository/14.1/network/krb5/) | - Instale krb (puede descargarlo y compilarlo desde http://slackbuilds.org/repository/14.1/network/krb5/) |
- Configure /etc/krb5.conf, /var/krb5kdc/kdc.conf and /var/krb5kdc/kadm5.acl . These files are examples which you should adjust after reading the Kerberos documentation. | - Configure /etc/krb5.conf, /var/krb5kdc/kdc.conf y /var/krb5kdc/kadm5.acl. Estos archivos son ejemplos que debe ajustar después de leer la documentación de Kerberos. |
**krb5.conf**<code> | **krb5.conf**<code> |
[domain_realm] | [domain_realm] |
} | } |
</code> | </code> |
**kdc.conf** | ** kdc.conf ** |
<code> | <code> |
[kdcdefaults] | [kdcdefaults] |
krb5adminprinc/admin *</code> | krb5adminprinc/admin *</code> |
| |
**3. ** Create DataBase | **3. ** Crear base de datos |
<code> | <code> |
/usr/kerberos/sbin/kdb5_util create -r EXAMPLE.COM -s | /usr/kerberos/sbin/kdb5_util create -r EXAMPLE.COM -s |
</code> | </code> |
**4.** Extract the admin server keys to /var/krb5kdc/kadm5.keytab. | **4.**Extraiga las claves del servidor de administración para /var/krb5kdc/kadm5.keytab. |
<code>/usr/kerberos/sbin/kadmin.local | <code>/usr/kerberos/sbin/kadmin.local |
kadmin.local: xst -k /var/krb5kdc/kadm5.keytab kadmin/admin kadmin/changepw | kadmin.local: xst -k /var/krb5kdc/kadm5.keytab kadmin/admin kadmin/changepw |
</code> | </code> |
**5.** Create host and other principals; extract to /etc/krb5.keytab | **5.** Crear host y otros principios; extraer a /etc/krb5.keytab |
<code> | <code> |
kadmin.local: ank -randkey host/fully.qualified.domain.name | kadmin.local: ank -randkey host/fully.qualified.domain.name |
</code> | </code> |
<code> | <code> |
**6.** Create admin, user principals | **6.** Crear admin, usuarios principales |
kadmin.local: ank krb5adminprinc/admin | kadmin.local: ank krb5adminprinc/admin |
kadmin.local: ank krb5userprinc | kadmin.local: ank krb5userprinc |
kadmin.local: quit | kadmin.local: quit |
</code> | </code> |
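Review bot: In step 5 the translated heading reads "Crear host y otros principios", and "principios" means principles, not Kerberos principals; step 6 and the client section already use "principales", so use "Crear host y otros principales" here. The `<code>` tag just before the "**6.**" line puts that step heading inside the code block on both sides, so move the heading above `<code>` while this section is being touched. In step 4, "**4.**Extraiga" needs a space after the bold marker, and "para /var/krb5kdc/kadm5.keytab" should be "a /var/krb5kdc/kadm5.keytab" to match "Extract ... to".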
**7.** Create startup script /etc/rc.d/rc.krb5 | **7.** Crear script de inicio/etc/rc.d/rc.krb5 |
<note important>rc.krb5 - shamelessly ripped off from rc.samba from Slackware 13.0</note> | <note important>rc.krb5 - shamelessly ripped off from rc.samba from Slackware 13.0</note> |
<code> | <code> |
esac | esac |
</code> | </code> |
**8.** Start KDC daemons: | **8.** Arrancar demonio KDC: |
<code> | <code> |
# chmod +x /etc/rc.d/rc.krb5 | # chmod +x /etc/rc.d/rc.krb5 |
# /etc/rc.d/rc.krb5 start | # /etc/rc.d/rc.krb5 start |
</code> | </code> |
**9.** Remember to make the rc.krb5 script executable if you want the KDC to start automatically at boot. | **9.** Recuerde hacer que el script rc.krb5 sea ejecutable si desea que el KDC se inicie automáticamente en el arranque. |
Verify connectivity to KDC with kadmin, kinit: | Verifique la conectividad a KDC con kadmin, kinit: |
<code> | <code> |
$ kinit krb5userprinc | $ kinit krb5userprinc |
$ kadmin -p krb5adminprinc/admin | $ kadmin -p krb5adminprinc/admin |
</code> | </code> |
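Review bot: In step 7 the translated line "Crear script de inicio/etc/rc.d/rc.krb5" has lost the space before the path, so it reads as a single path "inicio/etc/rc.d/rc.krb5"; write "Crear script de inicio /etc/rc.d/rc.krb5". The `<note important>` on the following line is still in English on the translated side, and step 8 "Arrancar demonio KDC" should be plural ("demonios") to match "daemons".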
==== The Client ==== | ==== El Cliente ==== |
| |
This procedure will result in a client capable of retrievving Kerberos tickets from a KDC and allow Kerberos principals to login at the console. Successful console login by a principal will generate tickets in the user's cache. Failed login by a principal (because the principal doesn't exist, or the wrong password was supplied) should fall through to local authentications (/etc/shadow). Note: the principal must be associated with an account on the system, either in the local passwd database or via a network system such as NIS or LDAP. | Este procedimiento dará como resultado un cliente capaz de recuperar tickets de Kerberos de un KDC y permitirá a los principales de Kerberos iniciar sesión en la consola. El inicio de sesión exitoso en la consola por parte de un principal generará tickets en el caché del usuario. El inicio de sesión fallido por parte de un principal (debido a que el principal no existe, o se proporcionó una contraseña incorrecta) debe corresponder a las autenticaciones locales (/ etc / shadow). Nota: el principal debe estar asociado con una cuenta en el sistema, ya sea en la base de datos local de passwd o mediante un sistema de red como NIS o LDAP. |
| |
**1.** Install krb5 always http://slackbuilds.org/repository/14.1/network/krb5/ :-). | **1.** Instalar krb5 siempre de http://slackbuilds.org/repository/14.1/network/krb5/ :-). |
**2.** Setup /etc/krb5.conf: | **2.** Setup /etc/krb5.conf: |
**krb5.conf** | **krb5.conf** |
admin_server = kerberos-1.example.com:749 | admin_server = kerberos-1.example.com:749 |
}</code> | }</code> |
**3.** Verify kadmin, kinit working | ** 3. ** Verificar kadmin, kinit trabajando |
<code> | <code> |
$ kinit krb5userprinc | $ kinit krb5userprinc |
$ kadmin -p krb5adminprinc/admin | $ kadmin -p krb5adminprinc/admin |
</code> | </code> |
**4.** Add host principal, and extract host principal to /etc/krb5.keytab using kadmin and admin principal: | ** 4. ** Agregue el principal del host y extraiga el principal del host a /etc/krb5.keytab usando kadmin y el principal del administrador: |
<code># kadmin -p krb5adminprinc/admin | <code># kadmin -p krb5adminprinc/admin |
kadmin: ank -randkey host/fully.qualified.domain.name | kadmin: ank -randkey host/fully.qualified.domain.name |
kadmin: quit | kadmin: quit |
</code> | </code> |
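Review bot: In the client introduction, "debe corresponder a las autenticaciones locales (/ etc / shadow)" does not carry the meaning of "should fall through to local authentications"; the point is that a failed Kerberos login falls back to /etc/shadow, so wording such as "debe pasar a la autenticación local (/etc/shadow)" is closer, and the spaces inside the path must go. "**2.** Setup /etc/krb5.conf:" is untranslated, and "** 3. **" and "** 4. **" have picked up spaces inside the bold markers that the other step numbers do not have. Step 4 says the host principal is extracted to /etc/krb5.keytab, but the block only runs `ank -randkey` and `quit` on both sides; an `xst -k /etc/krb5.keytab host/fully.qualified.domain.name` line, in the form used for kadm5.keytab in the KDC section, appears to be missing.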
====== Sources ====== | ====== Fuentes ====== |
<!-- If you are copying information from another source, then specify that source --> | <!-- If you are copying information from another source, then specify that source --> |
* Original source: [[http://arktur.shuttle.de/CD/Testpakete/Kerberos/krb5.html]] | * Fuente original:[[http://arktur.shuttle.de/CD/Testpakete/Kerberos/krb5.html]] |
<!-- Authors are allowed to give credit to themselves! --> | <!-- Authors are allowed to give credit to themselves! --> |
<!-- * Originally written by [[wiki:user:xxx | User X]] --> | <!-- * Originally written by [[wiki:user:xxx | User X]] --> |
* Contributions by [[wiki:user:jamesaxl | User jamesaxl]] | * Contribuciones por [[wiki:user:jamesaxl | User jamesaxl]] |
| * Traducido por: [[wiki:user: slackwarespanol | Victor]] 2019/02/15 19:29 (UTC) |
| |
<!-- Please do not modify anything below, except adding new tags.--> | <!-- Please do not modify anything below, except adding new tags.--> |
<!-- You must remove the tag-word "template" below before saving your new page --> | <!-- You must remove the tag-word "template" below before saving your new page --> |
{{tag>howtos network_services kerberizing_slackware_without_pam}} | {{tag>howtos network_services kerberizing_slackware_without_pam}} |
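Review bot: The added translator credit links to `[[wiki:user: slackwarespanol | Victor]]` with a space after "user:", unlike the `[[wiki:user:jamesaxl | User jamesaxl]]` link on the line above; remove the space so the link target is written the same way. "Fuente original:[[" has also lost the space after the colon.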