linux_wiki:configure_a_system_to_authenticate_using_kerberos

Differences

This shows you the differences between two versions of the page.

linux_wiki:configure_a_system_to_authenticate_using_kerberos [2016/08/15 23:12]
billdozor [Test The Client]
linux_wiki:configure_a_system_to_authenticate_using_kerberos [2019/05/25 23:50]
Line 1: Line 1:
-====== Configure A System To Authenticate Using Kerberos ====== 
- 
-**General Information** 
- 
-Setting up a client to authenticate using kerberos.  
- 
----- 
- 
-====== Prerequisites ====== 
- 
-Some items are required before being able to practice this objective. 
- 
-  * [[linux_wiki:rhce#lab_setup|Lab Setup]]: Ensure you have already setup your [[http://www.unixmen.com/configure-freeipa-server-centos-7/|FreeIPA server]]. (ipa.example.com) 
-    * Alternatively, you can [[setup a KDC server]]. 
-    * Creating a KDC server/FreeIPA server is not a RHCE Exam Objective, but you will need one to practice with. 
-  * Lab Setup: An additional system to act as a client. (**server1.example.com**) 
- 
----- 
- 
-====== Package Install ====== 
- 
-Install the required packages 
-<code bash> 
-yum install krb5-workstation pam_krb5 
-</code> 
- 
----- 
- 
-====== Configure the Kerberos Client ====== 
- 
-Setup the krb5.conf file 
-  * Edit /etc/krb5.conf and change EXAMPLE.COM to the desired domain 
-  * OR copy the /etc/krb5.conf file from the KDC server to the client 
- 
-\\ 
-Create the user 
-<code bash> 
-useradd user1 
-</code> 
- 
-\\ 
-Open the Kerberos admin tool on the client system 
-<code bash> 
-kadmin 
-</code> 
- 
-\\ 
-Add the client hostname 
-<code bash> 
-addprinc --randkey host/server1.example.com 
-</code> 
- 
-\\ 
-Create the local keytab file for the client hostname 
-<code bash> 
-ktadd host/server1.example.com 
-</code> 
- 
-\\ 
-Exit the admin tool 
-<code bash> 
-quit 
-</code> 
- 
----- 
- 
-====== Configure the Client OS Components ====== 
- 
-===== SSH ===== 
- 
-Uncomment the required GSSAPI lines 
-<code bash> 
-vim /etc/ssh/sshd_config 
- 
-GSSAPIAuthentication yes 
-GSSAPIDelegateCredentials yes 
-</code> 
- 
-\\ 
-Reload the SSHD config 
-<code bash> 
-systemctl reload sshd 
-</code> 
- 
-===== PAM ===== 
- 
-Configure PAM to enable krb5 
-<code bash> 
-authconfig --enablekrb5 --update 
-</code> 
- 
----- 
- 
-====== Test The Client ====== 
- 
-Change to the user 
-<code bash> 
-su - user1 
-</code> 
- 
-\\ 
-Initialize kerberos 
-<code bash> 
-kinit 
-</code> 
- 
-\\ 
-SSH to to the KDC server 
-<code bash> 
-ssh ipa.example.com 
-</code> 
-  * Should not be prompted for a password due to initializing a kerberos ticket 
- 
----- 
  
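Review bot: the revision deletes the entire page, from the title through "Test The Client", and the new side carries no replacement text, redirect or pointer to where the procedure now lives, so existing links to this page land on an empty article; leave a one-line pointer or keep the page. If the text is being moved rather than dropped, two removed lines are worth correcting on the way: `addprinc --randkey host/server1.example.com` uses a double dash where kadmin takes `-randkey`, and `GSSAPIDelegateCredentials yes` is listed under /etc/ssh/sshd_config although it is a client-side option that belongs in ssh_config. Delegation is also best limited to the hosts that need it, since a forwarded ticket is usable by the remote host.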
  • linux_wiki/configure_a_system_to_authenticate_using_kerberos.txt
  • Last modified: 2019/05/25 23:50
  • (external edit)