Hurry up and build Kerberos on Ubuntu already!



Alright, the install comes first!

No idea which packages are actually needed, so I just shoved all of them in.

$ sudo apt-get install krb5-*

Edit /etc/krb5.conf and /etc/krb5kdc/kdc.conf as you see fit.

$ sudo vi /etc/krb5.conf
[libdefaults]
        default_realm = HOGEHOGE.COM
        default_tgs_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
        default_tkt_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
        dns_lookup_realm = false
        dns_lookup_kdc = false

[realms]
        HOGEHOGE.COM = {
                kdc = 192.168.0.3:88
                admin_server = 192.168.0.3
        }
$ sudo vi /etc/krb5kdc/kdc.conf
[kdcdefaults]
    kdc_ports = 750,88

[realms]
    HOGEHOGE.COM = {
        database_name = /var/lib/krb5kdc/principal
        admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab
        acl_file = /etc/krb5kdc/kadm5.acl
        key_stash_file = /etc/krb5kdc/stash
        kdc_ports = 750,88
        max_life = 10h 0m 0s
        max_renewable_life = 7d 0h 0m 0s
        master_key_type = des3-hmac-sha1
        supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal des:normal des:v4 des:norealm des:onlyrealm des:afs3
        default_principal_flags = +preauth
    }
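The enctype lists in both files above mix AES with single DES, 3DES and RC4 (arcfour). In MIT Kerberos, single-DES enctypes are ignored unless allow_weak_crypto is turned on and were removed altogether in krb5 1.18, and 3DES and RC4 are deprecated, so a KDC built from these files either silently drops those enctypes or keeps issuing tickets with weak keys. The following is an added example, not part of the wiki page: a small Python audit that parses the krb5 profile format (sections plus the `NAME = { ... }` realm blocks) and reports every enctype setting that still lists a deprecated type, and, for kdc.conf, every realm whose default_principal_flags does not require +preauth. The sample configs and the weak-prefix list are my own constructions modeled on the page's settings; the hardened block shows the same realm restricted to AES.

```python
"""Audit krb5.conf / kdc.conf for deprecated enctypes and missing preauth.

Added example, not from the wiki page. The sample configs below are
constructed inline, modeled on the page's settings for the HOGEHOGE.COM realm.
"""
import re

# Enctype name prefixes treated here as weak or deprecated
# (single DES, triple DES, RC4/arcfour). Assumed list, not from the page.
WEAK_ENCTYPE_PREFIXES = ("des-", "des3-", "des:", "arcfour-", "rc4-")

# Settings whose value is a list of enctypes (krb5.conf and kdc.conf).
ENCTYPE_KEYS = {"default_tgs_enctypes", "default_tkt_enctypes",
                "permitted_enctypes", "supported_enctypes", "master_key_type"}


def parse_krb5_conf(text):
    """Parse the INI-like krb5 profile format into {section: {key: value}}.
    A 'NAME = { ... }' block (e.g. a realm) becomes a nested dict."""
    sections = {}
    stack = []  # dicts for the current section and any open '{' blocks
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        m = re.match(r"^\[(\S+)\]$", line)
        if m:
            stack = [sections.setdefault(m.group(1), {})]
            continue
        if not stack:
            continue  # key/value before any section header; ignore
        if line == "}":
            if len(stack) > 1:
                stack.pop()
            continue
        m = re.match(r"^(\S+)\s*=\s*\{$", line)
        if m:
            stack.append(stack[-1].setdefault(m.group(1), {}))
            continue
        m = re.match(r"^(\S+)\s*=\s*(.*)$", line)
        if m:
            stack[-1][m.group(1)] = m.group(2).strip()
    return sections


def weak_enctypes(value):
    """Return the deprecated tokens in a space-separated enctype list."""
    return [tok for tok in value.split()
            if tok.lower().startswith(WEAK_ENCTYPE_PREFIXES)]


def audit(conf, kdc=False):
    """Return a list of finding strings. With kdc=True, also require
    +preauth in every realm's default_principal_flags (a kdc.conf setting)."""
    findings = []

    def walk(path, section):
        for key, val in section.items():
            where = "/".join(path + [key])
            if isinstance(val, dict):
                walk(path + [key], val)
            elif key in ENCTYPE_KEYS and weak_enctypes(val):
                findings.append(f"{where}: deprecated enctypes {weak_enctypes(val)}")

    walk([], conf)
    if kdc:
        for realm, block in conf.get("realms", {}).items():
            flags = block.get("default_principal_flags", "") if isinstance(block, dict) else ""
            if "+preauth" not in flags.split():
                findings.append(f"realms/{realm}: default_principal_flags lacks +preauth")
    return findings


# Constructed sample, modeled on the page's kdc.conf realm block.
SAMPLE_KDC_CONF = """
[kdcdefaults]
    kdc_ports = 750,88

[realms]
    HOGEHOGE.COM = {
        database_name = /var/lib/krb5kdc/principal
        master_key_type = des3-hmac-sha1
        supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal des:normal des:v4
        default_principal_flags = +preauth
    }
"""

# The same realm restricted to AES, as a hardened comparison (constructed).
HARDENED_KDC_CONF = """
[realms]
    HOGEHOGE.COM = {
        master_key_type = aes256-cts-hmac-sha1-96
        supported_enctypes = aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal
        default_principal_flags = +preauth
    }
"""

if __name__ == "__main__":
    for name, text in (("page kdc.conf", SAMPLE_KDC_CONF), ("hardened kdc.conf", HARDENED_KDC_CONF)):
        print(name, audit(parse_krb5_conf(text), kdc=True) or ["no findings"])
```

Run it against the real files with `audit(parse_krb5_conf(open("/etc/krb5kdc/kdc.conf").read()), kdc=True)`; the krb5.conf from the page yields two findings (default_tgs_enctypes and default_tkt_enctypes), and the kdc.conf yields two more (master_key_type and supported_enctypes). Note that changing master_key_type only takes effect for a database created after the change, so fix it before running kdb5_util create.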

Initialize the KDC database, and...

# kdb5_util create -s
Loading random data
Initializing database '/var/lib/krb5kdc/principal' for realm 'HOGEHOGE.COM',
master key name 'K/M@HOGEHOGE.COM'
You will be prompted for the database Master Password.
It is important that you NOT FORGET this password.
Enter KDC database master key:
Re-enter KDC database master key to verify:

Make a principal!

# kadmin.local
Authenticating as principal root/admin@HOGEHOGE.COM with password.
kadmin.local:  addprinc hoge
WARNING: no policy specified for hoge@HOGEHOGE.COM; defaulting to no policy
Enter password for principal "hoge@HOGEHOGE.COM":
Re-enter password for principal "hoge@HOGEHOGE.COM":
Principal "hoge@HOGEHOGE.COM" created.
kadmin.local:  q

Now test it.

$ kinit hoge
Password for hoge@HOGEHOGE.COM:
New ticket is stored in cache file /tmp/krb5cc_1000

Done!

