Differences
linux_wiki:configure_a_system_to_authenticate_using_kerberos [2018/05/05 16:26] billdozor [Add Host to The Kerberos Server] |
linux_wiki:configure_a_system_to_authenticate_using_kerberos [2019/05/25 23:50] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Configure A System To Authenticate Using Kerberos ====== | ||
- | |||
- | **General Information** | ||
- | |||
- | Setting up a client to authenticate using kerberos. | ||
- | |||
- | ---- | ||
- | |||
- | ====== Lab Setup ====== | ||
- | |||
- | The following virtual machines will be used: | ||
- | * server1.example.com (192.168.1.150) -> Client for kerberos authentication | ||
- | * ipa.example.com (192.168.1.152) -> FreeIPA server/ | ||
- | |||
- | ---- | ||
- | |||
- | ====== Prerequisites ====== | ||
- | |||
- | Some items are required before being able to practice this objective. | ||
- | |||
- | * [[linux_wiki: | ||
- | * Alternatively, | ||
- | * Creating a KDC server/ | ||
- | * Lab Setup: An additional system to act as a client. (**server1.example.com**) | ||
- | * If you are using the FreeIPA server, configure the client to [[linux_wiki: | ||
- | |||
- | ---- | ||
- | |||
- | ====== Package Install ====== | ||
- | |||
- | Install the required packages | ||
- | <code bash> | ||
- | yum install krb5-workstation pam_krb5 | ||
- | </ | ||
- | |||
- | ---- | ||
- | |||
- | ====== Configure the Kerberos Client ====== | ||
- | |||
- | **Option 1**: Use authconfig to enable kerberos< | ||
- | * Note: If you get this message: " | ||
- | * You did not install " | ||
- | |||
- | \\ | ||
- | **Option 2**: Use authconfig-tui to enable kerberos | ||
- | * Open authconfig-tui< | ||
- | * Authentication Configuration | ||
- | * Under Authentication -> select "Use Kerberos", | ||
- | * LDAP Settings -> Do not change anything, Next | ||
- | * Kerberos Settings | ||
- | * Realm: EXAMPLE.COM | ||
- | * KDC: ipa.example.com | ||
- | * Admin Server: ipa.example.com | ||
- | * Ok | ||
- | |||
- | ===== Add Client Host to The Kerberos Server ===== | ||
- | |||
- | The kerberos server (KDC) must have an entry for the client host. | ||
- | |||
- | A kerberos client keytab (containing client host identification) will probably be provided in the exam. | ||
- | |||
- | For lab purposes, you may need to add the client and generate a keytab. | ||
- | |||
- | [[linux_wiki: | ||
- | |||
- | ---- | ||
- | |||
- | ====== Test The Client ====== | ||
- | |||
- | * Login as a LDAP user< | ||
- | * Get a kerberos ticket< | ||
- | * View ticket< | ||
- | * SSH to another system< | ||
- | * Should not be prompted for a password due to initializing a kerberos ticket | ||
- | |||
- | ---- | ||
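Review bot: The right-hand revision (2019/05/25 23:50) is empty, so every line from the page title down to "Test The Client" is removed with nothing put in its place, and unlike the 2018/05/05 revision it shows no author or edit summary saying why. If the procedure moved to another page, leave a one-line pointer to it here instead of a blank page; if the blanking was unintended, restore the 2018/05/05 16:26 revision. The removed text is also the only place on this page that records the lab's realm, KDC and admin server values (EXAMPLE.COM, ipa.example.com) and the requirement that the KDC hold an entry for the client host, so any replacement page should carry those over.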