Kerberos server
pre settings
- DOMAIN
wok.lan
HOSTNAME
maria
misc settings
cat /etc/hostname
maria.wok.lan
cat /etc/hosts
127.0.0.1 localhost
192.168.242.3 maria maria.wok.lan
cat /etc/resolv.conf
nameserver 192.168.244.151
search wok.lan
test (forward and reverse DNS must both resolve; Kerberos host principals depend on it)
root@maria:~# host maria
maria.wok.lan has address 192.168.242.3
root@maria:~# host 192.168.242.3
3.242.168.192.in-addr.arpa domain name pointer maria.wok.lan.
install
apt-get install krb5-kdc krb5-admin-server ntp
create a new realm
krb5_newrealm
destroy an old database (the -r argument is the realm of the existing database)
kdb5_util -r SUXER.DE -m destroy -f
hint
In a virtual machine you may have to supply random data like this from a second console, because key generation can block waiting for entropy: cat /dev/sda > /dev/urandom
note master key name
master key name 'K/M@WOK.LAN'
checking the ports
root@maria:~# netstat -4 -lntpu | egrep "kadmind|krb5kdc"
tcp 0 0 0.0.0.0:749 0.0.0.0:* LISTEN 2598/kadmind
tcp 0 0 0.0.0.0:464 0.0.0.0:* LISTEN 2598/kadmind
udp 0 0 0.0.0.0:464 0.0.0.0:* 2598/kadmind
udp 0 0 0.0.0.0:750 0.0.0.0:* 2583/krb5kdc
udp 0 0 0.0.0.0:88 0.0.0.0:* 2583/krb5kdc
kadmin.local
create an admin account with name "kerberosadm"
root@maria:~# kadmin.local
Authenticating as principal root/admin@WOK.LAN with password.
kadmin.local: addprinc kerberosadm/admin
WARNING: no policy specified for kerberosadm/admin@WOK.LAN; defaulting to no policy
Enter password for principal "kerberosadm/admin@WOK.LAN":
Re-enter password for principal "kerberosadm/admin@WOK.LAN":
Principal "kerberosadm/admin@WOK.LAN" created.
kadmin.local: exit
create an account with name "xinux"
root@maria:~# kadmin.local
kadmin.local: addprinc xinux
WARNING: no policy specified for xinux@WOK.LAN; defaulting to no policy
Enter password for principal "xinux@WOK.LAN":
Re-enter password for principal "xinux@WOK.LAN":
Principal "xinux@WOK.LAN" created.
kadmin.local: exit
rights (kadmind ACL)
edit /etc/krb5kdc/kadm5.acl so that every principal with the /admin instance gets full administrative rights:
*/admin *
restart
root@maria:~# service krb5-admin-server restart
 * Restarting Kerberos administrative servers kadmind
ticket handling
root@maria:~# kinit kerberosadm/admin
Password for kerberosadm/admin@WOK.LAN:
root@maria:~# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: kerberosadm/admin@WOK.LAN
Valid starting Expires Service principal
10.09.2014 15:11:35 11.09.2014 01:11:35 krbtgt/WOK.LAN@WOK.LAN
renew until 11.09.2014 15:11:32
root@maria:~# kdestroy
root@maria:~# klist
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0)
create host principal (note: the keytab written below also receives legacy single-DES and arcfour-hmac keys; keep /etc/krb5.keytab readable by root only)
root@maria:~# kadmin.local
kadmin.local: addprinc -randkey host/maria.wok.lan
WARNING: no policy specified for host/maria.wok.lan@WOK.LAN; defaulting to no policy
Principal "host/maria.wok.lan@WOK.LAN" created.
kadmin.local: ktadd -k /etc/krb5.keytab host/maria.wok.lan
Entry for principal host/maria.wok.lan with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/etc/krb5.keytab.
Entry for principal host/maria.wok.lan with kvno 2, encryption type arcfour-hmac added to keytab WRFILE:/etc/krb5.keytab.
Entry for principal host/maria.wok.lan with kvno 2, encryption type des3-cbc-sha1 added to keytab WRFILE:/etc/krb5.keytab.
Entry for principal host/maria.wok.lan with kvno 2, encryption type des-cbc-crc added to keytab WRFILE:/etc/krb5.keytab.
kadmin.local: exit
Links
errors