linux_wiki:configure_a_system_to_authenticate_using_kerberos

Differences

This shows you the differences between two versions of the page.

linux_wiki:configure_a_system_to_authenticate_using_kerberos [2016/09/13 23:15]
billdozor
linux_wiki:configure_a_system_to_authenticate_using_kerberos [2019/05/25 23:50] (current)
Line 4: Line 4:
  
 Setting up a client to authenticate using kerberos.  Setting up a client to authenticate using kerberos. 
 +
 +----
 +
 +====== Lab Setup ======
 +
 +The following virtual machines will be used:
 +  * server1.example.com (192.168.1.150) -> Client for kerberos authentication
 +  * ipa.example.com (192.168.1.152) -> FreeIPA server/kerberos server
 +
 +----
 +
 +====== Help ======
 +
 +Finding help in this section.
 +  * authconfig help, filter for krb<code bash>authconfig --help | grep krb</code>
  
 ---- ----
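Review bot: The new Lab Setup list names server1.example.com and ipa.example.com with their IP addresses but does not say how the client resolves the KDC's hostname or that the two clocks must agree. Kerberos depends on both, so add a line stating that the names above must resolve on each VM (DNS or /etc/hosts) and that time is synchronised between them. Style: the added text writes "kerberos" in lower case throughout; the protocol name is normally capitalised.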
Line 31: Line 46:
  
 **Option 1**: Use authconfig to enable kerberos<code bash>authconfig --enablekrb5 --krb5kdc=ipa.example.com --krb5realm=EXAMPLE.COM --krb5adminserver=ipa.example.com --update</code> **Option 1**: Use authconfig to enable kerberos<code bash>authconfig --enablekrb5 --krb5kdc=ipa.example.com --krb5realm=EXAMPLE.COM --krb5adminserver=ipa.example.com --update</code>
 +  * Note: If you get this message: "authconfig: Authentication module /usr/lib64/security/pam_krb5.so is missing. Authentication process might not work correctly."
 +    * You did not install "pam_krb5"<code bash>yum install pam_krb5</code>
  
 +\\
 **Option 2**: Use authconfig-tui to enable kerberos **Option 2**: Use authconfig-tui to enable kerberos
   * Open authconfig-tui<code bash>authconfig-tui</code>   * Open authconfig-tui<code bash>authconfig-tui</code>
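Review bot: The pam_krb5 note under Option 1 documents the package only as a recovery step, after authconfig has already printed the "is missing" warning. List "yum install pam_krb5" as a prerequisite before the authconfig command instead, or at least say whether the authconfig command has to be re-run once the package is installed. The sub-bullet "You did not install" would also read better as an instruction, for example "Install pam_krb5".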
Line 42: Line 60:
     * Admin Server: ipa.example.com     * Admin Server: ipa.example.com
   * Ok   * Ok
 +
 +===== Add Client Host to The Kerberos Server =====
 +
 +The kerberos server (KDC) must have an entry for the client host.
 +
 +A kerberos client keytab (containing client host identification) will probably be provided in the exam.
 +
 +For lab purposes, you may need to add the client and generate a keytab.
 +
 +[[linux_wiki:setup_a_kdc_server#kerberos_clientconfigure_the_kerberos_client|See here for more details]].
  
 ---- ----
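Review bot: The new "Add Client Host to The Kerberos Server" section says a keytab will be provided or generated but never says where it goes on the client or how it should be protected. The keytab holds the host's long-term key, so state the destination (the default is /etc/krb5.keytab) and that it should be owned by root and not readable by other users. The link text "See here for more details" would be clearer if it named the target section, and the heading capitalises "The" inconsistently.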
Line 47: Line 75:
 ====== Test The Client ====== ====== Test The Client ======
  
-  * Login as a LDAP user<code bash>su - linda</code> +  * Login as a LDAP user<code bash>su - robert</code> 
-  * Get a kerberos ticket<code bash>kinit linda</code>+  * Get a kerberos ticket<code bash>kinit robert</code>
   * View ticket<code bash>klist</code>   * View ticket<code bash>klist</code>
   * SSH to another system<code bash>ssh ipa.example.com</code>   * SSH to another system<code bash>ssh ipa.example.com</code>
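Review bot: The first test step, "su - robert", does not exercise Kerberos if it is run as root, because root is not asked for a password; it only shows that the account resolves. Say which account the step is run from, and give the expected result of each step: after "kinit robert", "klist" should list a ticket-granting ticket for the EXAMPLE.COM realm configured above, and "ssh ipa.example.com" should log in without a password prompt. The rename from linda to robert is applied consistently in both changed lines. Minor wording: "Login as a LDAP user" should read "Log in as an LDAP user".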
  • linux_wiki/configure_a_system_to_authenticate_using_kerberos.1473822928.txt.gz
  • Last modified: 2019/05/25 23:50
  • (external edit)