# yast2 sw_single: krb5 – alle möglichen Pakete installieren
Folgende Dateien anlegen bzw. bearbeiten: /etc/krb5.conf:
# /etc/krb5.conf — client/library settings for the NETWORK.LOCAL realm
[libdefaults]
default_realm = NETWORK.LOCAL
# DNS lookups are disabled, so realm and KDC are taken from the
# [domain_realm] and [realms] sections below rather than from DNS records
dns_lookup_realm = false
dns_lookup_kdc = false
# maximum tolerated clock difference between client and KDC, in seconds
clockskew = 300
# NOTE(review): debugging aid — confirm the library honours this option
# and turn it off once the setup works
debug = true
[realms]
NETWORK.LOCAL = {
# KDC and kadmin server run on the same host in this setup
kdc = mykdc.network.local
admin_server = mykdc.network.local
default_domain = network.local
}
# maps host names to the realm; the leading dot covers every host below the domain
[domain_realm]
.network.local = NETWORK.LOCAL
network.local = NETWORK.LOCAL
# application-specific settings; the per-application blocks further down
# (rpc, pam, kinit, xdm) take precedence over the values at the top of the section
[appdefaults]
forwardable = true
forward = true
renewable = true
encrypt = true
# krb4_* options are Kerberos 4 compatibility settings; Kerberos 4 is obsolete
krb4_get_tickets = false
krb4_convert = false
krb5_get_tickets = true
# seconds (86400 = 1 day); the KDC caps this at its own max_life
ticket_lifetime = 86400
# seconds (2678400 = 31 days); the KDC caps this at its own max_renewable_life
renew_lifetime = 2678400
rpc = {
encrypt = false
forward = false
}
pam = {
max_timeout = 2
timeout_shift = 2
initial_timeout = 1
# NOTE(review): PAM debug output ends up in the system log; disable in production
debug = true
ticket_lifetime = 1d
renew_lifetime = 1d
forwardable = true
proxiable = false
# presumably: do not keep the credential cache after the session ends — verify against pam_krb5 docs
retain_after_close = false
# accounts with a uid below this value (i.e. only root) are not authenticated via Kerberos
minimum_uid = 1
use_shmem = sshd
}
kinit = {
forwardable = true
}
xdm = {
forward = false
}
# log destinations; the kdc and admin_server entries only matter on the KDC host
[logging]
kdc = FILE:/var/log/krb5/krb5kdc.log
admin_server = FILE:/var/log/krb5/kadmind.log
default = SYSLOG:NOTICE:DAEMON
/var/lib/kerberos/krb5kdc/kdc.conf:
# /var/lib/kerberos/krb5kdc/kdc.conf — KDC-side settings, needed only on the KDC host
[kdcdefaults]
# ports the KDC listens on; 88 is the standard Kerberos port.
# NOTE(review): 749 is conventionally kadmind's port — confirm it is intended here
kdc_ports = 749,88
[realms]
NETWORK.LOCAL = {
database_name = /var/lib/kerberos/krb5kdc/principal
admin_keytab = FILE:/var/lib/kerberos/krb5kdc/kadm5.keytab
# who may do what through kadmin; contents shown under kadm5.acl below
acl_file = /var/lib/kerberos/krb5kdc/kadm5.acl
# word list of strings that are rejected as passwords
dict_file = /var/lib/kerberos/krb5kdc/kadm5.dict
# holds the database master key; keep this file readable by root only
key_stash_file = /var/lib/kerberos/krb5kdc/.k5.NETWORK.LOCAL
# repeats the [kdcdefaults] value; the realm-level setting takes precedence
kdc_ports = 749,88
# upper bound for ticket lifetime — the 86400 s requested in krb5.conf is cut to 10h
max_life = 10h 0m 0s
# upper bound for renewable lifetime — the 31 days requested in krb5.conf are cut to 7 days
max_renewable_life = 7d 0h 0m 0s
# SECURITY: des-cbc-crc is single DES (56-bit key), broken and no longer supported
# by current MIT krb5; des3-hmac-sha1 is deprecated as well. Prefer AES enctypes
# (e.g. aes256-cts-hmac-sha1-96) unless legacy clients leave no choice.
supported_enctypes = des3-hmac-sha1:normal des-cbc-crc:normal
}
[logging]
kdc = FILE:/var/log/krb5/krb5kdc.log
admin_server = FILE:/var/log/krb5/kadmind.log
/var/lib/kerberos/krb5kdc/kadm5.acl:
############################################################################### #Kerberos_principal permissions [target_principal] [restrictions] ############################################################################### # */admin@NETWORK.LOCAL *
/etc/hosts:
# # hosts This file describes a number of hostname-to-address # mappings for the TCP/IP subsystem. It is mostly # used at boot time, when no name servers are running. # On small systems, this file can be used instead of a # "named" name server. # Syntax: # # IP-Address Full-Qualified-Hostname Short-Hostname # 127.0.0.1 localhost mykdc network.local 192.168.1.1 mykdc.network.local # special IPv6 addresses ::1 localhost ipv6-localhost ipv6-loopback fe00::0 ipv6-localnet ff00::0 ipv6-mcastprefix ff02::1 ipv6-allnodes ff02::2 ipv6-allrouters ff02::3 ipv6-allhosts 192.168.1.1 s4e.network.local s4e
# ktutil -s create... # rckrb5kdc start # rckadmind start # insserv krb5kdc # insserv kadmind
…