Configure a System to Authenticate Using Kerberos Flashcards
KDC Server Setup
KDC Server Setup
yum install -y krb5-server krb5-workstation pam_krb5
cd /var/kerberos/krb5kdc/
vim kdc.conf
[realms] MYLABSERVER.COM = { #master_key_type = aes256-cts acl_file = /var/kerberos/krb5kdc/ka
vim /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
dns_lookup_realm = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
default_realm = MYLABSERVER.COM
default_ccache_name = KEYRING:persistent:%{uid}
[realms]
MYLABSERVER.COM = {
  kdc = we3kb1.mylabserver.com
  admin_server = we3kb1.mylabserver.com
}
[domain_realm]
.mylabserver.com = MYLABSERVER.COM
mylabserver.com = MYLABSERVER.COM
cd /var/kerberos/krb5kdc/
vim kadm5.acl
kdb5_util create -s -r MYLABSERVER.COM
systemctl enable krb5kdc kadmin
systemctl start krb5kdc kadmin
kadmin.local
addprinc root/admin
addprinc user
addprinc -randkey host/hostname
ktadd host/hostname
exit
vim /etc/ssh/ssh_config
GSSAPIAuthentication yes
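# Delegation forwards your Kerberos credentials to the remote host, so enable it only for hosts you trust (for example inside a Host block).
GSSAPIDelegateCredentials yes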
authconfig --enablekrb5 --update
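firewall-cmd --permanent --add-port 88/tcp
firewall-cmd --permanent --add-port 88/udp
firewall-cmd --permanent --add-port 749/tcp
# --permanent only writes the saved configuration; run firewall-cmd --reload to apply it to the running firewall.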