Welcome to the Slackware Documentation Project

This is an old revision of the document!

Install and configuring kerberos On Slackware without PAM


This procedure will result in a new Kerberos realm. If you already have access to a Kerberos KDC, you can skip to the client and application server parts. Also, the below procedure is very abbreviated and is not a substitute for reading the documentation supplied in the package or on the MIT Kerberos website.

  1. Install krb (you can download and build it from http://slackbuilds.org/repository/14.1/network/krb5/)
  2. Configure /etc/krb5.conf, /var/krb5kdc/kdc.conf and /var/krb5kdc/kadm5.acl . These files are examples which you should adjust after reading the Kerberos documentation.


        example.com = EXAMPLE.COM
        .example.com = EXAMPLE.COM

        default_realm = EXAMPLE.COM
        dns_kdc_lookup = true
        dns_realm_lookup = true
        forwardable = true
        renewable = true

	kdc = kerberos-1.example.com:88
	kdc = kerberos-2.example.com:88
        admin_server = kerberos-1.example.com:749


        kdc_ports = 749,88

        EXAMPLE.COM = {
                database_name = /var/krb5kdc/principal
                admin_keytab = FILE:/var/krb5kdc/kadm5.keytab
                acl_file = /var/krb5kdc/kadm5.acl
                key_stash_file = /var/krb5kdc/.k5.EXAMPLE.COM
                kdc_ports = 749,88
                max_life = 10h 0m 0s
                max_renewable_life = 7d 0h 0m 0s
                supported_keytypes = aes256-cts des-cbc-crc des-cbc-md5


krb5adminprinc/admin   *

3. Create DataBase

/usr/kerberos/sbin/kdb5_util create -r EXAMPLE.COM -s

Extract the admin server keys to /var/krb5kdc/kadm5.keytab.

kadmin.local: xst -k /var/krb5kdc/kadm5.keytab kadmin/admin kadmin/changepw
Create host and other principals; extract to /etc/krb5.keytab
kadmin.local: ank -randkey host/fully.qualified.domain.name
kadmin.local: xst -k /etc/krb5.keytab host/fully.qualified.domain.name
Create admin, user principals
kadmin.local: ank krb5adminprinc/admin
kadmin.local: ank krb5userprinc
kadmin.local: quit

Create startup script /etc/rc.d/rc.krb5 rc.krb5 - shamelessly ripped off from rc.samba from Slackware 13.0

# /etc/rc.d/rc.krb5
# Start/stop/restart the MIT Kerberos V KDC
# To make Kerberos start automatically at boot, make this
# file executable:  chmod 755 /etc/rc.d/rc.krb5

krb5_start() {
  if [ -x /usr/kerberos/sbin/krb5kdc -a -x /usr/kerberos/sbin/kadmind -a -r /etc/krb5.conf -a -r /var/krb5kdc/kdc.conf ]; then
    echo "Starting Kerberos:  /usr/kerberos/sbin/krb5kdc"
    echo "                 /usr/kerberos/sbin/kadmind"

krb5_stop() {
  killall krb5kdc kadmind

krb5_restart() {
  sleep 2

case "$1" in
  # Default is "start", for backwards compatibility with previous
  # Slackware versions.  This may change to a 'usage' error someday.

Start KDC daemons:

# chmod +x /etc/rc.d/rc.krb5
# /etc/rc.d/rc.krb5 start

. Remember to make the rc.krb5 script executable if you want the KDC to start automatically at boot. Verify connectivity to KDC with kadmin, kinit:

$ kinit krb5userprinc
$ klist
$ kadmin -p krb5adminprinc/admin


In Other Languages
Translations of this page?:
QR Code
QR Code howtos:network_services:kerberizing_slackware_without_pam (generated for current page)