Created
March 10, 2014 11:55
-
-
Save budougumi0617/9463791 to your computer and use it in GitHub Desktop.
VirtualBox+CentOS6.5上でKerberosサーバを構築する ref: http://qiita.com/budougumi0617/items/6c4d4874101a2de25064
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #vi /etc/sysconfig/network-scripts/ifcfg-eth0 | |
| DEVICE=eth0 | |
| TYPE=Ethernet | |
| UUID=a7a64eb7-efc4-4db7-bcb4-c7f8a233ca9d | |
| ONBOOT=yes | |
| NM_CONTROLLED=yes | |
| BOOTPROTO=dhcp | |
| HWADDR=08:00:27:A1:66:B2 | |
| DEFROUTE=yes | |
| PEERDNS=yes | |
| PEERROUTES=yes | |
| IPV4_FAILURE_FATAL=yes | |
| IPV6INIT=no | |
| NAME="System eth0" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # /etc/rc.d/init.d/iptables stop | |
| chkconfig iptables off | |
| chkconfig --list iptables |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [root@server ~]# kadmin.local | |
| Authenticating as principal root/[email protected] with password. | |
| kadmin.local: addprinc root/admin | |
| WARNING: no policy specified for root/[email protected]; defaulting to no policy | |
| Enter password for principal "root/[email protected]": | |
| Re-enter password for principal "root/[email protected]": | |
| Principal "root/[email protected]" created. | |
| kadmin.local: addprinc user01 | |
| WARNING: no policy specified for [email protected]; defaulting to no policy | |
| Enter password for principal "[email protected]": | |
| Re-enter password for principal "[email protected]": | |
| Principal "[email protected]" created. | |
| kadmin.local: listp | |
| listpols listprincs | |
| kadmin.local: listp | |
| listpols listprincs | |
| kadmin.local: listprincs | |
| K/[email protected] | |
| krbtgt/[email protected] | |
| root/[email protected] | |
| [email protected] | |
| kadmin.local: addprinc -randkey kadmin/admin | |
| WARNING: no policy specified for kadmin/[email protected]; defaulting to no policy | |
| Principal "kadmin/[email protected]" created. | |
| kadmin.local: addprinc -randkey kadmin/changepw | |
| WARNING: no policy specified for kadmin/[email protected]; defaulting to no policy | |
| Principal "kadmin/[email protected]" created. | |
| kadmin.local: exit |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # cat /etc/krb5.conf | |
| [logging] | |
| default = FILE:/var/log/krb5libs.log | |
| kdc = SYSLOG:INFO:LOCAL5 | |
| admin_server = SYSLOG:INFO:LOCAL5 | |
| [libdefaults] | |
| #default_realm = EXAMPLE.COM | |
| dns_lookup_realm = true | |
| dns_lookup_kdc = true | |
| ticket_lifetime = 24h | |
| renew_lifetime = 7d | |
| forwardable = true | |
| [realms] | |
| SERVER.LOCAL = { | |
| kdc = kerberos.server.local | |
| admin_server = kerberos.server.local | |
| default_domain = server.local | |
| kdc = kerberos | |
| } | |
| [domain_realm] | |
| .example.com = EXAMPLE.COM | |
| example.com = EXAMPLE.COM |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # cat /etc/hosts | |
| 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 | |
| ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 | |
| ***.***.***.*** kerberos.server.local kerberos |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # kinit [email protected] | |
| Password for [email protected]: | |
| # klist | |
| Ticket cache: FILE:/tmp/krb5cc_0 | |
| Default principal: [email protected] | |
| Valid starting Expires Service principal | |
| 03/10/14 16:18:23 03/11/14 16:17:27 krbtgt/[email protected] | |
| renew until 03/10/14 16:18:23 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| vi /etc/sysconfig/selinux |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| proxy=http://proxy.server.co.jp:8080 | |
| proxy_username=YOUR_ID | |
| proxy_password=YOUR_PASSWORD |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| yum upudate -y |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| yum -y install krb5-server krb5-workstation words portreserve |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [root@server ~]# cat /var/kerberos/krb5kdc/kadm5.acl | |
| #*/[email protected] * | |
| */[email protected] * |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [root@server ~]# cat /var/kerberos/krb5kdc/kdc.conf | |
| [kdcdefaults] | |
| kdc_ports = 88 | |
| kdc_tcp_ports = 88 | |
| [realms] | |
| # EXAMPLE.COM = { | |
| SERVER.LOCAL = { | |
| #master_key_type = aes256-cts | |
| acl_file = /var/kerberos/krb5kdc/kadm5.acl | |
| dict_file = /usr/share/dict/words | |
| admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab | |
| supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [root@server ~]# cat /etc/krb5.conf | |
| [logging] | |
| default = FILE:/var/log/krb5libs.log | |
| kdc = FILE:/var/log/krb5kdc.log | |
| admin_server = FILE:/var/log/kadmind.log | |
| [libdefaults] | |
| default_realm = SERVER.LOCAL | |
| dns_lookup_realm = false | |
| dns_lookup_kdc = false | |
| ticket_lifetime = 24h | |
| renew_lifetime = 7d | |
| forwardable = true | |
| [realms] | |
| EXAMPLE.COM = { | |
| kdc = kerberos.example.com | |
| admin_server = kerberos.example.com | |
| } | |
| SERVER.LOCAL = { | |
| kdc = kerberos.server.local | |
| admin_server = kerberos.server.local | |
| } | |
| [domain_realm] | |
| .example.com = EXAMPLE.COM | |
| example.com = EXAMPLE.COM | |
| .server.local = SERVER.LOCAL | |
| server.local = SERVER.LOCAL |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| kdb5_util create -s |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment