Kerberos server


preliminary settings

  • DOMAIN
wok.lan

HOSTNAME

maria

miscellaneous settings

cat  /etc/hostname 
maria.wok.lan
cat  /etc/hosts
127.0.0.1	localhost
192.168.242.3	maria maria.wok.lan
cat /etc/resolv.conf 
nameserver 192.168.244.151
search wok.lan

test forward and reverse DNS lookup (both must resolve to the same name and address, as shown below)

root@maria:~# host maria
maria.wok.lan has address 192.168.242.3

root@maria:~# host  192.168.242.3
3.242.168.192.in-addr.arpa domain name pointer maria.wok.lan.

install (ntp is included because Kerberos requires client and server clocks to be closely synchronized)

apt-get install krb5-kdc krb5-admin-server ntp

make a new realm

krb5_newrealm

destroy an old database (only needed if one already exists; -f skips the confirmation prompt — note that the realm given in this example is SUXER.DE, not the WOK.LAN realm used elsewhere on this page, so substitute the realm you actually want to remove)

kdb5_util -r SUXER.DE -m destroy -f

hint

in a virtual machine realm creation may hang while waiting for entropy; in that case you have to supply random data,
for example like this in a second console (note that disk contents are not secret and are not credited as entropy by the kernel — a dedicated entropy source such as haveged or rng-tools is the safer fix):
cat /dev/sda > /dev/urandom

note the master key name printed by krb5_newrealm

master key name 'K/M@WOK.LAN'

checking that kadmind and krb5kdc are listening on their ports

root@maria:~# netstat -4 -lntpu | egrep "kadmind|krb5kdc"
tcp        0      0 0.0.0.0:749             0.0.0.0:*               LISTEN      2598/kadmind    
tcp        0      0 0.0.0.0:464             0.0.0.0:*               LISTEN      2598/kadmind    
udp        0      0 0.0.0.0:464             0.0.0.0:*                           2598/kadmind    
udp        0      0 0.0.0.0:750             0.0.0.0:*                           2583/krb5kdc    
udp        0      0 0.0.0.0:88              0.0.0.0:*                           2583/krb5kdc

kadmin.local

create an admin account with name "kerberosadm"

root@maria:~# kadmin.local 
Authenticating as principal root/admin@WOK.LAN with password.
kadmin.local:  addprinc kerberosadm/admin
WARNING: no policy specified for kerberosadm/admin@WOK.LAN; defaulting to no policy
Enter password for principal "kerberosadm/admin@WOK.LAN": 
Re-enter password for principal "kerberosadm/admin@WOK.LAN": 
Principal "kerberosadm/admin@WOK.LAN" created.
kadmin.local:  exit

create an account with name "xinux"

root@maria:~# kadmin.local 
kadmin.local:  addprinc xinux
WARNING: no policy specified for xinux@WOK.LAN; defaulting to no policy
Enter password for principal "xinux@WOK.LAN": 
Re-enter password for principal "xinux@WOK.LAN": 
Principal "xinux@WOK.LAN" created.
kadmin.local:  exit

access rights (kadmin ACL)

edit /etc/krb5kdc/kadm5.acl — the line below grants every principal with the instance "admin" (such as kerberosadm/admin created above) full administrative rights, so hand out */admin principals sparingly

 */admin *

restart

root@maria:~# service krb5-admin-server restart
* Restarting Kerberos administrative servers kadmind

ticket handling

root@maria:~# kinit kerberosadm/admin
Password for kerberosadm/admin@WOK.LAN: 
root@maria:~# klist 
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: kerberosadm/admin@WOK.LAN

Valid starting       Expires              Service principal
10.09.2014 15:11:35  11.09.2014 01:11:35  krbtgt/WOK.LAN@WOK.LAN
	renew until 11.09.2014 15:11:32
root@maria:~# kdestroy 
root@maria:~# klist 
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0)

create a host principal with a random key and add it to the keytab (keep /etc/krb5.keytab readable by root only — whoever can read it holds the host's long-term key; also note that the output below adds legacy arcfour-hmac and single-DES des-cbc-crc keys, which should not be enabled on a new KDC — restrict supported_enctypes in kdc.conf)

root@maria:~# kadmin.local
kadmin.local:  addprinc -randkey host/maria.wok.lan
WARNING: no policy specified for host/maria.wok.lan@WOK.LAN; defaulting to no policy
Principal "host/maria.wok.lan@WOK.LAN" created.
kadmin.local:  ktadd -k /etc/krb5.keytab host/maria.wok.lan
Entry for principal host/maria.wok.lan with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/etc/krb5.keytab.
Entry for principal host/maria.wok.lan with kvno 2, encryption type arcfour-hmac added to keytab WRFILE:/etc/krb5.keytab.
Entry for principal host/maria.wok.lan with kvno 2, encryption type des3-cbc-sha1 added to keytab WRFILE:/etc/krb5.keytab.
Entry for principal host/maria.wok.lan with kvno 2, encryption type des-cbc-crc added to keytab WRFILE:/etc/krb5.keytab.
kadmin.local: exit

Links

errors