linux_wiki:configure_a_system_to_authenticate_using_kerberos

Differences

This shows you the differences between two versions of the page.

linux_wiki:configure_a_system_to_authenticate_using_kerberos [2018/05/05 16:26]
billdozor [Add Host to The Kerberos Server]
linux_wiki:configure_a_system_to_authenticate_using_kerberos [2019/05/25 23:50]
Line 1: Line 1:
-====== Configure A System To Authenticate Using Kerberos ====== 
- 
-**General Information** 
- 
-Setting up a client to authenticate using kerberos.  
- 
----- 
- 
-====== Lab Setup ====== 
- 
-The following virtual machines will be used: 
-  * server1.example.com (192.168.1.150) -> Client for kerberos authentication 
-  * ipa.example.com (192.168.1.152) -> FreeIPA server/kerberos server 
- 
----- 
- 
-====== Prerequisites ====== 
- 
-Some items are required before being able to practice this objective. 
- 
-  * [[linux_wiki:rhce#lab_setup|Lab Setup]]: Ensure you have already setup your [[http://www.unixmen.com/configure-freeipa-server-centos-7/|FreeIPA server]]. (ipa.example.com) 
-    * Alternatively, you can [[setup a KDC server|setup a KDC server and client with local accounts]]. 
-    * Creating a KDC server/FreeIPA server is not a RHCE Exam Objective, but you will need one to practice with. 
-  * Lab Setup: An additional system to act as a client. (**server1.example.com**) 
-    * If you are using the FreeIPA server, configure the client to [[linux_wiki:configure_a_system_to_use_an_existing_authentication_service_for_user_and_group_information|connect to it via ldap]]. 
- 
----- 
- 
-====== Package Install ====== 
- 
-Install the required packages 
-<code bash> 
-yum install krb5-workstation pam_krb5 
-</code> 
- 
----- 
- 
-====== Configure the Kerberos Client ====== 
- 
-**Option 1**: Use authconfig to enable kerberos<code bash>authconfig --enablekrb5 --krb5kdc=ipa.example.com --krb5realm=EXAMPLE.COM --krb5adminserver=ipa.example.com --update</code> 
-  * Note: If you get this message: "authconfig: Authentication module /usr/lib64/security/pam_krb5.so is missing. Authentication process might not work correctly." 
-    * You did not install "pam_krb5"<code bash>yum install pam_krb5</code> 
- 
-\\ 
-**Option 2**: Use authconfig-tui to enable kerberos 
-  * Open authconfig-tui<code bash>authconfig-tui</code> 
-  * Authentication Configuration 
-    * Under Authentication -> select "Use Kerberos", then Next 
-  * LDAP Settings -> Do not change anything, Next 
-  * Kerberos Settings 
-    * Realm: EXAMPLE.COM 
-    * KDC: ipa.example.com 
-    * Admin Server: ipa.example.com 
-  * Ok 
- 
-===== Add Client Host to The Kerberos Server ===== 
- 
-The kerberos server (KDC) must have an entry for the client host. 
- 
-A kerberos client keytab (containing client host identification) will probably be provided in the exam. 
- 
-For lab purposes, you may need to add the client and generate a keytab. 
- 
-[[linux_wiki:setup_a_kdc_server#kerberos_clientconfigure_the_kerberos_client|See here for more details]]. 
- 
----- 
- 
-====== Test The Client ====== 
- 
-  * Login as a LDAP user<code bash>su - robert</code> 
-  * Get a kerberos ticket<code bash>kinit robert</code> 
-  * View ticket<code bash>klist</code> 
-  * SSH to another system<code bash>ssh ipa.example.com</code> 
-    * Should not be prompted for a password due to initializing a kerberos ticket 
- 
----- 
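Review bot: Every line in this hunk is a removal, from the page title through the "Test The Client" section, and the 2019/05/25 revision adds nothing in its place; the footer records it only as "(external edit)" with no summary. If the content moved, leave a one-line pointer to the new location on this page. If it was retired, state the reason in the edit summary, so the authconfig options and the kinit/klist/ssh verification steps stay findable.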
  
  • linux_wiki/configure_a_system_to_authenticate_using_kerberos.txt
  • Last modified: 2019/05/25 23:50
  • (external edit)