Configure a System to Authenticate Using Kerberos Flashcards

KDC Server Setup

1
Q

KDC Server Setup

A

yum install -y krb5-server krb5-workstation pam-krb5

cd /var/kerberos/krb5kdc/
vim kdc.conf

[realms]
 MYLABSERVER.COM = {
  #master_key_type = aes256-cts
  acl_file = /var/kerberos/krb5kdc/kadm5.acl

vim /etc/krb5.conf

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 dns_lookup_realm = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true
 rdns = false
 default_realm = MYLABSERVER.COM
 default_ccache_name = KEYRING:persistent:%{uid}
[realms]
 MYLABSERVER.COM = {
  kdc = we3kb1.mylabserver.com
  admin_server = we3kb1.mylabserver.com
 }

[domain_realm]
.mylabserver.com = MYLABSERVER.COM
mylabserver.com = MYLABSERVER.COM

cd /var/kerberos/krb5kdc/
vim kadm5.acl

kdb5_util create -s -r MYLABSERVER.COM

systemctl enable krb5kdc kadmin
systemctl start krb5kdc kadmin

kadmin.local
addprinc root/admin
addprinc user
addprinc -randkey host/hostname
ktadd host/hostname
exit

vim /etc/ssh/ssh_config
GSSAPIAuthentication yes
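# Delegation forwards your Kerberos ticket to the remote host; enable it only for hosts you trust (scope it with a Host block)
GSSAPIDelegateCredentials yes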

authconfig --enablekrb5 --update

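firewall-cmd --permanent --add-port=88/tcp
firewall-cmd --permanent --add-port=88/udp
firewall-cmd --permanent --add-port=749/tcp
# --permanent only writes the saved configuration; run firewall-cmd --reload to apply it to the running firewall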
