Differences
This shows you the differences between two versions of the page.
linux_wiki:setup_a_kdc_server [2018/04/03 13:11] billdozor [PAM] |
linux_wiki:setup_a_kdc_server [2019/05/25 23:50] (current) |
||
---|---|---|---|
Line 6: | Line 6: | ||
The second part is setting up a KDC client with local accounts as well. | The second part is setting up a KDC client with local accounts as well. | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ====== Lab Setup ====== | ||
+ | |||
+ | The following virtual machines will be used: | ||
+ | * server1.example.com (192.168.1.150) -> Kerberos Client | ||
+ | * server2.example.com (192.168.1.151) -> Kerberos KDC | ||
---- | ---- | ||
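Review bot: the new Lab Setup list names the hosts under example.com (`server1.example.com`, `server2.example.com`), while the hunks that follow rename the KDC to `server2.mydomain.com` inside the `MYDOMAIN.COM` realm. Pick one domain and use it throughout, and state the realm name in this list next to the hosts, so a reader building the lab knows which FQDNs the principals and krb5.conf entries are expected to match.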
Line 17: | Line 25: | ||
---- | ---- | ||
- | ====== | + | ====== |
Install main packages required | Install main packages required | ||
Line 26: | Line 34: | ||
---- | ---- | ||
- | ====== | + | ====== |
**KDC Config**: Replace domain with desired domain | **KDC Config**: Replace domain with desired domain | ||
Line 47: | Line 55: | ||
\\ | \\ | ||
- | **KRB5 Config**: Edit / | + | **KRB5 |
<code bash> | <code bash> | ||
vim / | vim / | ||
Line 56: | Line 64: | ||
[realms] | [realms] | ||
MYDOMAIN.COM = { | MYDOMAIN.COM = { | ||
- | kdc = server3.mydomain.comĀ | + | kdc = server2.mydomain.comĀ |
- | admin_server = server3.mydomain.com | + | admin_server = server2.mydomain.com |
} | } | ||
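Review bot: the `kdc =` line in this hunk still ends with a stray non-ASCII character after the hostname (`server2.mydomain.comĀ`), carried over unchanged from the previous revision. If that character is in the page source and not only a rendering artifact, anyone pasting this block into krb5.conf gets a KDC hostname that will not resolve. Strip it so the line reads `kdc = server2.mydomain.com`, matching the clean `admin_server` line below it.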
Line 67: | Line 75: | ||
---- | ---- | ||
- | ====== | + | ====== |
Create the Kerberos database | Create the Kerberos database | ||
Line 86: | Line 94: | ||
---- | ---- | ||
- | ====== | + | ====== |
Open the Kerberos admin tool | Open the Kerberos admin tool | ||
Line 110: | Line 118: | ||
Add hostname of the KDC server so the kerberos database knows about the server it is installed on | Add hostname of the KDC server so the kerberos database knows about the server it is installed on | ||
<code bash> | <code bash> | ||
- | addprinc -randkey host/server3.mydomain.com | + | addprinc -randkey host/server2.mydomain.com |
</ | </ | ||
Line 116: | Line 124: | ||
Add host principal to the local keytab (/ | Add host principal to the local keytab (/ | ||
<code bash> | <code bash> | ||
- | ktadd host/server3.mydomain.com | + | ktadd host/server2.mydomain.com |
</ | </ | ||
Line 127: | Line 135: | ||
---- | ---- | ||
- | ====== | + | ====== |
===== SSH ===== | ===== SSH ===== | ||
Line 178: | Line 186: | ||
---- | ---- | ||
- | ====== | + | ====== |
Add a user account | Add a user account | ||
Line 201: | Line 209: | ||
SSH to the fully qualified name of the local system | SSH to the fully qualified name of the local system | ||
<code bash> | <code bash> | ||
- | ssh server3.mydomain.com | + | ssh server2.mydomain.com |
</ | </ | ||
---- | ---- | ||
- | ====== Client: Package Install ====== | + | ====== |
Install the required packages | Install the required packages | ||
Line 215: | Line 223: | ||
---- | ---- | ||
- | ====== Client: Configure the Kerberos Client ====== | + | ====== |
Setup the krb5.conf file | Setup the krb5.conf file | ||
Line 253: | Line 261: | ||
---- | ---- | ||
- | ====== Client: Configure the Client OS Components ====== | + | ====== |
===== SSH ===== | ===== SSH ===== | ||
Line 279: | Line 287: | ||
---- | ---- | ||
- | ====== Client: Test The Client ====== | + | ====== |
Change to the user | Change to the user | ||
Line 295: | Line 303: | ||
SSH to to the KDC server | SSH to to the KDC server | ||
<code bash> | <code bash> | ||
- | ssh ipa.example.com | + | ssh server2.example.com |
</ | </ | ||
* Should not be prompted for a password due to initializing a kerberos ticket | * Should not be prompted for a password due to initializing a kerberos ticket | ||
---- | ---- |