Step1
------
vim /etc/krb5.conf
[libdefaults]
default_realm = STATIONX.EXAMPLE.COM
[realms]
STATIONX.EXAMPLE.COM = {
kdc = 192.168.0.5:88
admin_server = 192.168.0.5:749
}
[appdefaults]
validate = true
Step2
-------
vim /var/kerberos/krb5kdc/kdc.conf
[realms]
STATIONX.EXAMPLE.COM = {
default_principal_flags = +preauth
}
Uncomment master_key_type (inside the same realm block)
Step3
--------
vim /var/kerberos/krb5kdc/kadm5.acl
*/admin@STATIONX.EXAMPLE.COM *
Step4
----------
kdb5_util create -r STATIONX.EXAMPLE.COM -s
Step5
---------
kadmin.local
addprinc root/admin
addprinc kerby
ktadd -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/admin
ktadd -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/changepw
addprinc -randkey host/stationx.example.com
addprinc -randkey host/stationy.example.com
ktadd -k /var/kerberos/krb5kdc/kadm5.keytab
listprincs
q
Step6
---------
klist -k /var/kerberos/krb5kdc/kadm5.keytab
klist -k /etc/krb5.keytab
Step7
-------------
restorecon -R -v /etc/krb5*
restorecon -R -v /var/kerberos/krb5kdc/*
Step8
-----------
/etc/init.d/kadmin restart
/etc/init.d/krb5kdc restart
chkconfig kadmin on
chkconfig krb5kdc on
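An added check for the server steps above (not part of the original post): it reads the realm block of kdc.conf to confirm that +preauth is set and master_key_type is uncommented, and that a keytab is readable by its owner only. The function names and the sample files are constructed for the example; on a real KDC, point the functions at /var/kerberos/krb5kdc/kdc.conf and the keytabs from Step5.

```shell
#!/bin/sh
# Added example, not from the original post; names and sample data are constructed.

# kdc_realm_setting FILE REALM KEY: print the value of an uncommented KEY
# inside REALM's { } block of a kdc.conf; fail if it is not set there.
kdc_realm_setting() {
    awk -v realm="$2" -v key="$3" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        line ~ /^#/ { next }                        # commented-out setting
        $1 == realm && index(line, "{") { inblk = 1; next }
        inblk && index(line, "}") { inblk = 0; next }
        inblk && (eq = index(line, "=")) {
            k = substr(line, 1, eq - 1); v = substr(line, eq + 1)
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; found = 1 }
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# check_preauth FILE REALM: succeed only if default_principal_flags has +preauth.
check_preauth() {
    flags=$(kdc_realm_setting "$1" "$2" default_principal_flags) || return 1
    case " $(printf '%s' "$flags" | tr ',' ' ') " in
        *" +preauth "*) return 0 ;;
        *) return 1 ;;
    esac
}

# keytab_private FILE: succeed only if group and other have no access at all.
keytab_private() {
    [ -f "$1" ] || return 2
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Demo on a constructed kdc.conf and an empty stand-in keytab in a temp dir.
demo=$(mktemp -d)
cat > "$demo/kdc.conf" <<'EOF'
[realms]
 STATIONX.EXAMPLE.COM = {
  #master_key_type = aes256-cts
  default_principal_flags = +preauth
 }
EOF
: > "$demo/kadm5.keytab"; chmod 600 "$demo/kadm5.keytab"
check_preauth "$demo/kdc.conf" STATIONX.EXAMPLE.COM && echo "preauth: on by default"
kdc_realm_setting "$demo/kdc.conf" STATIONX.EXAMPLE.COM master_key_type >/dev/null \
    || echo "master_key_type: still commented out"
keytab_private "$demo/kadm5.keytab" && echo "keytab: owner-only"
```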
Kerberos client
Step1
------
authconfig-tui
Check NIS and supply the credentials
Check Kerberos
Step2
---------
scp stationx:/etc/krb5.conf /etc/krb5.conf
Step3
--------
restorecon -v /etc/krb5.conf
Step4
--------
kadmin -p root/admin
ktadd host/stationy.example.com
listprincs
q
Step5
--------
su - kerby
klist
kinit
klist
ssh stationx
If you are logged in without being asked for a password, the Kerberos server is configured properly.
Remove Kerberos server
Back up /etc/krb5.conf
kdb5_util destroy -r STATIONX.EXAMPLE.COM
find / -name krb5
find / -name kerberos
yum remove krb5-server
Log files
/var/log/krb5libs.log
/var/log/krb5kdc.log
/var/log/kadmin.log