Howto KRB server
From openSUSE
Example Configuration of Kerberos 5 Server on OpenSUSE 10.2
Edit Configuration Files
Edit /etc/krb5.conf
# The realm name must be identical here (default_realm), in the [realms]
# stanza below, in kdc.conf and in kadm5.acl; otherwise clients cannot
# locate the KDC for the realm.
[libdefaults]
    default_realm = EXAMPLE.COM.AU
    clockskew = 300
    ticket_lifetime = 600
    # des-cbc-crc is single DES and is listed only for old clients
    default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
    default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc

[realms]
    EXAMPLE.COM.AU = {
        kdc = example.com.au
        default_domain = EXAMPLE.COM.AU
        admin_server = kerberos.example.com.au
    }

[logging]
    kdc = FILE:/var/log/krb5/krb5kdc.log
    admin_server = FILE:/var/log/krb5/kadmind.log
    default = SYSLOG:NOTICE:DAEMON

[domain_realm]
    .example.com.au = EXAMPLE.COM.AU
    example.com.au = EXAMPLE.COM.AU

[appdefaults]
    pam = {
        ticket_lifetime = 1d
        renew_lifetime = 1d
        forwardable = true
        proxiable = false
        retain_after_close = false
        minimum_uid = 0
        use_shmem = sshd
    }

[login]
    krb4_convert = false
    krb4_get_tickets = false
Edit /var/lib/kerberos/krb5kdc/kdc.conf
[kdcdefaults]
    kdc_ports = 750,88

[realms]
    # Must be the same realm name as default_realm in /etc/krb5.conf
    EXAMPLE.COM.AU = {
        database_name = /var/lib/kerberos/krb5kdc/principal
        admin_keytab = FILE:/var/lib/kerberos/krb5kdc/kadm5.keytab
        acl_file = /var/lib/kerberos/krb5kdc/kadm5.acl
        dict_file = /var/lib/kerberos/krb5kdc/kadm5.dict
        # written by "kdb5_util create -s"; the default name is .k5.<REALM>
        key_stash_file = /var/lib/kerberos/krb5kdc/.k5.EXAMPLE.COM.AU
        kdc_ports = 750,88
        max_life = 10h 0m 0s
        max_renewable_life = 7d 0h 0m 0s
    }

[logging]
    kdc = FILE:/var/log/krb5/krb5kdc.log
    admin_server = FILE:/var/log/krb5/kadmind.log
Set up the Kerberos master database
Create the master database and its default principals
The -s option stores the master key in the stash file named by key_stash_file in kdc.conf, so the KDC can start without prompting for it.
- kdb5_util create -s
- You will be asked to enter the database master password
- You will be asked to confirm the database master password just entered
Add users who will have administrative access to the master database
- Edit the /var/lib/kerberos/krb5kdc/kadm5.acl file (or the path given by acl_file in kdc.conf) and add:
*/admin@EXAMPLE.COM.AU *
The trailing * grants every permission to any principal whose instance is admin in the EXAMPLE.COM.AU realm, so the realm name in this file must match the one in krb5.conf and kdc.conf.
Create the initial user principal
The initial admin principal is created so that kadmind can be accessed with Kerberos authentication. Replace username with the name of the user to whom you wish to grant access rights; the /admin instance is what the ACL entry above matches on. kadmin.local prompts for the new principal's password.
- kadmin.local -q "addprinc username/admin"
Start the services
- service krb5kdc start
- service kadmind start
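Before starting krb5kdc and kadmind it is worth confirming that the three files above actually agree on the realm name, since a mismatch (default_realm naming one realm while the [realms] stanza or the ACL names another) is the most common reason a freshly built KDC refuses tickets. The following shell script is an added example, not part of the openSUSE wiki page or the krb5 distribution: it extracts the realm from each file with sed and awk, reports any disagreement, and flags single-DES enctypes. Run without arguments it checks constructed sample files that mirror the configuration above; the function names and the sample directory are the example's own.

```shell
#!/bin/sh
# Added example: sanity-check the three Kerberos files before starting the KDC.
# Usage: sh check_krb_realm.sh [/etc/krb5.conf kdc.conf kadm5.acl]
# Without arguments it runs against constructed sample files created below.

# Print the default_realm value from a krb5.conf [libdefaults] section.
krb5_default_realm() {
    sed -n 's/^[[:space:]]*default_realm[[:space:]]*=[[:space:]]*//p' "$1" | head -n 1
}

# Print the names of the "NAME = {" stanzas found in a [realms] section.
realm_stanzas() {
    awk '
        /^[ \t]*\[/ { in_realms = ($0 ~ /^[ \t]*\[realms\]/); next }
        in_realms && /=[ \t]*\{[ \t]*$/ {
            line = $0
            sub(/^[ \t]*/, "", line)
            sub(/[ \t]*=.*$/, "", line)
            print line
        }' "$1"
}

# Print the realm part of every principal pattern in a kadm5.acl file.
acl_realms() {
    awk '!/^[ \t]*(#|$)/ { n = split($1, p, "@"); print p[n] }' "$1" | sort -u
}

# Return 0 if krb5.conf, kdc.conf and kadm5.acl all name the same realm.
check_realm_consistency() {
    krb5conf=$1 kdcconf=$2 aclfile=$3
    rc=0
    realm=$(krb5_default_realm "$krb5conf")
    if [ -z "$realm" ]; then
        echo "FAIL: no default_realm in $krb5conf"
        return 1
    fi
    if ! realm_stanzas "$krb5conf" | grep -qxF "$realm"; then
        echo "FAIL: $krb5conf has no [realms] stanza for $realm"; rc=1
    fi
    if ! realm_stanzas "$kdcconf" | grep -qxF "$realm"; then
        echo "FAIL: $kdcconf has no [realms] stanza for $realm"; rc=1
    fi
    for r in $(acl_realms "$aclfile"); do
        if [ "$r" != "$realm" ]; then
            echo "FAIL: $aclfile grants rights in realm $r, not $realm"; rc=1
        fi
    done
    [ "$rc" -eq 0 ] && echo "OK: realm $realm is consistent across all three files"
    return "$rc"
}

# Return 1 if a single-DES enctype (des-cbc-crc / des-cbc-md5) is enabled.
check_enctypes() {
    if grep -E '^[[:space:]]*default_(tkt|tgs)_enctypes.*des-cbc-(crc|md5)' "$1" >/dev/null; then
        echo "WARN: single-DES enctype enabled in $1 (legacy clients only)"
        return 1
    fi
    return 0
}

# Constructed sample files (not real system files) mirroring the wiki config.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/krb5.conf" <<'EOF'
[libdefaults]
    default_realm = EXAMPLE.COM.AU
    default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
[realms]
    EXAMPLE.COM.AU = {
        kdc = example.com.au
        admin_server = kerberos.example.com.au
    }
EOF
cat > "$SAMPLE_DIR/kdc.conf" <<'EOF'
[kdcdefaults]
    kdc_ports = 750,88
[realms]
    EXAMPLE.COM.AU = {
        database_name = /var/lib/kerberos/krb5kdc/principal
    }
EOF
printf '*/admin@EXAMPLE.COM.AU *\n' > "$SAMPLE_DIR/kadm5.acl"
# Mismatched variant: default_realm says EXAMPLE while the stanza says EXAMPLE.COM.AU
sed 's/default_realm = EXAMPLE\.COM\.AU/default_realm = EXAMPLE/' \
    "$SAMPLE_DIR/krb5.conf" > "$SAMPLE_DIR/krb5-mismatch.conf"

if [ "$#" -eq 3 ]; then
    check_realm_consistency "$1" "$2" "$3"; check_enctypes "$1"
else
    echo "--- consistent sample ---"
    check_realm_consistency "$SAMPLE_DIR/krb5.conf" "$SAMPLE_DIR/kdc.conf" "$SAMPLE_DIR/kadm5.acl"
    echo "--- mismatched sample ---"
    check_realm_consistency "$SAMPLE_DIR/krb5-mismatch.conf" "$SAMPLE_DIR/kdc.conf" "$SAMPLE_DIR/kadm5.acl" || true
    check_enctypes "$SAMPLE_DIR/krb5.conf" || true
fi
```

On a real host pass the three paths as arguments (for example `sh check_krb_realm.sh /etc/krb5.conf /var/lib/kerberos/krb5kdc/kdc.conf /var/lib/kerberos/krb5kdc/kadm5.acl`); a non-zero exit means one of the files disagrees with default_realm. The script only reads the files, so it can run before the database is created and without the master password.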
Work in progress

