Differences
This shows you the differences between two versions of the page.
howtos:network_services:kerberizing_slackware_without_pam [2015/11/28 02:34 (UTC)] – jamesaxl | howtos:network_services:kerberizing_slackware_without_pam [2015/11/28 03:36 (UTC)] – [Sources] jamesaxl | ||
---|---|---|---|
Line 46: | Line 46: | ||
krb5adminprinc/ | krb5adminprinc/ | ||
- | **3. Create DataBase** | + | **3. ** Create DataBase |
< | < | ||
/ | / | ||
</ | </ | ||
- | Extract the admin server keys to / | + | **4.** |
< | < | ||
kadmin.local: | kadmin.local: | ||
- | Create host and other principals; extract to / | + | </ |
+ | **5.** | ||
+ | < | ||
kadmin.local: | kadmin.local: | ||
kadmin.local: | kadmin.local: | ||
- | Create admin, user principals | + | </ |
+ | < | ||
+ | **6.** | ||
kadmin.local: | kadmin.local: | ||
kadmin.local: | kadmin.local: | ||
kadmin.local: | kadmin.local: | ||
</ | </ | ||
- | Create startup script / | + | **7.** |
- | rc.krb5 - shamelessly ripped off from rc.samba from Slackware 13.0 | + | <note important> |
< | < | ||
#!/bin/sh | #!/bin/sh | ||
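Review bot: on the new side the `**6.**` marker comes after the opening code tag instead of before it (the `<` row, then `**6.**`, then the kadmin.local commands), so the step number will render inside the code block; move it above the tag, as was done for `**5.**`. The old descriptions ("Extract the admin server keys to ...", "Create host and other principals; ...", "Create admin, user principals", "Create startup script ...") do not reappear beside the new step numbers in the visible rows and should be kept next to them. `**3. **` also has a stray space inside the bold markers that `**4.**` does not.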
Line 109: | Line 113: | ||
esac | esac | ||
</ | </ | ||
- | Start KDC daemons: | + | **8.** |
< | < | ||
# chmod +x / | # chmod +x / | ||
# / | # / | ||
</ | </ | ||
- | . Remember to make the rc.krb5 script executable if you want the KDC to start automatically at boot. | + | **9.** Remember to make the rc.krb5 script executable if you want the KDC to start automatically at boot. |
Verify connectivity to KDC with kadmin, kinit: | Verify connectivity to KDC with kadmin, kinit: | ||
< | < | ||
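Review bot: `**9.**` numbers a reminder rather than a step, and step 8 already runs `chmod +x` on the script; fold the reminder into step 8 as a note and give the number to the unnumbered "Verify connectivity to KDC with kadmin, kinit:" line that follows it. Step 8 also loses the "Start KDC daemons:" label that the old side had; keep it after the number so the reader knows what the commands do.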
Line 120: | Line 124: | ||
$ klist | $ klist | ||
$ kadmin -p krb5adminprinc/ | $ kadmin -p krb5adminprinc/ | ||
+ | </ | ||
+ | === The Client === | ||
+ | This procedure will result in a client capable of retrievving Kerberos tickets from a KDC and allow Kerberos principals to login at the console. Successful console login by a principal will generate tickets in the user's cache. Failed login by a principal (because the principal doesn' | ||
+ | **1.** Install krb5 always http:// | ||
+ | **2.** Setup / | ||
+ | **krb5.conf** | ||
+ | < | ||
+ | [domain_realm] | ||
+ | example.com = EXAMPLE.COM | ||
+ | .example.com = EXAMPLE.COM | ||
+ | |||
+ | [libdefaults] | ||
+ | default_realm = EXAMPLE.COM | ||
+ | dns_kdc_lookup = true | ||
+ | dns_realm_lookup = true | ||
+ | forwardable = true | ||
+ | renewable = true | ||
+ | |||
+ | [realms] | ||
+ | |||
+ | EXAMPLE.COM = { | ||
+ | kdc = kerberos-1.example.com: | ||
+ | kdc = kerberos-2.example.com: | ||
+ | admin_server = kerberos-1.example.com: | ||
+ | }</ | ||
+ | **3.** Verify kadmin, kinit working | ||
+ | < | ||
+ | $ kinit krb5userprinc | ||
+ | $ klist | ||
+ | $ kadmin -p krb5adminprinc/ | ||
+ | </ | ||
+ | **4.** Add host principal, and extract host principal to / | ||
+ | < | ||
+ | kadmin: ank -randkey host/ | ||
+ | kadmin: xst -k / | ||
+ | kadmin: quit | ||
</ | </ | ||
| | ||
<!-- If you are copying information from another source, then specify that source --> | <!-- If you are copying information from another source, then specify that source --> | ||
- | <!-- * Original source: [[http://some.website.org/some/page.html]] --> | + | <-- * Original source: [[http://arktur.shuttle.de/CD/Testpakete/ |
<!-- Authors are allowed to give credit to themselves! --> | <!-- Authors are allowed to give credit to themselves! --> | ||
<!-- * Originally written by [[wiki: | <!-- * Originally written by [[wiki: |
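Review bot: in the added krb5.conf, `dns_kdc_lookup` and `dns_realm_lookup` under [libdefaults] are not the names MIT krb5 reads (the `ank` and `xst` kadmin commands used here are MIT's); the options are spelled `dns_lookup_kdc` and `dns_lookup_realm`, and unrecognised keys are ignored without an error, so these two lines have no effect as written. Since [realms] already lists the KDCs explicitly, either correct the names or drop the lines. In the Sources block the comment opener was changed from `<!--` to `<--`, which no longer opens a comment, so the "Original source" line will be rendered as literal text; restore `<!--` or remove the comment markers on purpose. "retrievving" in the client introduction should be "retrieving".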