linux_wiki:setup_a_kdc_server

Differences

This shows you the differences between two versions of the page.

linux_wiki:setup_a_kdc_server [2018/04/03 13:10]
billdozor [SSH]
linux_wiki:setup_a_kdc_server [2018/04/15 23:26]
billdozor [Prerequisites]
Line 6: Line 6:
  
 The second part is setting up a KDC client with local accounts as well. The second part is setting up a KDC client with local accounts as well.
 +
 +----
 +
 +====== Lab Setup ======
 +
 +The following virtual machines will be used:
 +  * server1.example.com (192.168.1.150) -> Kerberos Client
 +  * server2.example.com (192.168.1.151) -> Kerberos KDC
  
 ---- ----
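Review bot: The new Lab Setup list names the hosts under example.com, but the krb5.conf realm block and the host principals in this same revision use MYDOMAIN.COM and server2.mydomain.com. Kerberos matches principals on the exact FQDN and realm, so a reader who copies both will create principals that do not match the lab hosts. Pick one domain for the whole page, or add a line here stating which realm the two lab machines belong to and that mydomain.com is a placeholder for it.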
Line 47: Line 55:
  
 \\ \\
-**KRB5 Config**: Edit /etc/krb5.conf, uncomment all lines and replace the domain with the desired domain+**KRB5 Client Config**: Edit /etc/krb5.conf, uncomment all lines and replace the domain with the desired domain
 <code bash> <code bash>
 vim /etc/krb5.conf vim /etc/krb5.conf
Line 56: Line 64:
 [realms] [realms]
 MYDOMAIN.COM = { MYDOMAIN.COM = {
-  kdc = server3.mydomain.comĀ +  kdc = server2.mydomain.comĀ 
-  admin_server = server3.mydomain.com+  admin_server = server2.mydomain.com
 } }
  
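Review bot: The changed kdc line still ends in a stray non-ASCII character after the hostname (`kdc = server2.mydomain.comĀ`), carried over from the old revision. If that character is in the page source, anyone pasting the block into /etc/krb5.conf gets a KDC name that will not resolve. Strip the trailing character while this line is being touched, so it ends cleanly like the admin_server line below it.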
Line 86: Line 94:
 ---- ----
  
-====== Server: Create Users and Principals ======+====== Server: Create Principals for Users and Hosts ======
  
 Open the Kerberos admin tool Open the Kerberos admin tool
Line 110: Line 118:
 Add hostname of the KDC server so the kerberos database knows about the server it is installed on Add hostname of the KDC server so the kerberos database knows about the server it is installed on
 <code bash> <code bash>
-addprinc -randkey host/server3.mydomain.com+addprinc -randkey host/server2.mydomain.com
 </code> </code>
  
Line 116: Line 124:
 Add host principal to the local keytab (/etc/krb5.keytab) for automatic use with kerberos client commands Add host principal to the local keytab (/etc/krb5.keytab) for automatic use with kerberos client commands
 <code bash> <code bash>
-ktadd host/server3.mydomain.com+ktadd host/server2.mydomain.com
 </code> </code>
  
Line 144: Line 152:
 </code> </code>
  
-===== Authorization =====+===== Authentication =====
  
-Configure PAM authorization (authconfig) to enable krb5+Configure PAM authentication (authconfig) to enable krb5
 <code bash> <code bash>
 authconfig --enablekrb5 --update authconfig --enablekrb5 --update
Line 201: Line 209:
 SSH to the fully qualified name of the local system SSH to the fully qualified name of the local system
 <code bash> <code bash>
-ssh server3.mydomain.com+ssh server2.mydomain.com
 </code> </code>
  
Line 270: Line 278:
 </code> </code>
  
-===== PAM =====+===== Authentication =====
  
-Configure PAM to enable krb5+Configure PAM authentication to enable krb5
 <code bash> <code bash>
 authconfig --enablekrb5 --update authconfig --enablekrb5 --update
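Review bot: After this rename the page has two subsections both titled "Authentication" (the earlier one replaced "Authorization", this one replaces "PAM"), with slightly different descriptions: one mentions authconfig in parentheses and this one does not. Section links and the table of contents become ambiguous. Consider keeping "PAM" in the title, for example "PAM Authentication", and using the same description sentence in both places.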
Line 295: Line 303:
 SSH to to the KDC server SSH to to the KDC server
 <code bash> <code bash>
-ssh ipa.example.com+ssh server2.example.com
 </code> </code>
   * Should not be prompted for a password due to initializing a kerberos ticket   * Should not be prompted for a password due to initializing a kerberos ticket
  
 ---- ----
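Review bot: The replacement `ssh server2.example.com` uses a different domain than the other SSH test changed in this revision (`ssh server2.mydomain.com`) and than the host principal `host/server2.mydomain.com`. A ticket-based SSH login requests the host principal for the name typed on the command line, so the passwordless result promised in the bullet only holds if the names agree. Use the same FQDN in both tests. The context line "SSH to to the KDC server" also still has a doubled "to" that could be fixed in the same edit.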
  • linux_wiki/setup_a_kdc_server.txt
  • Last modified: 2019/05/25 23:50
  • (external edit)