(Repost) Installing and configuring Kerberos on RedHat/CentOS

Installing and configuring Kerberos on RedHat/CentOS

The ntp service (Network Time Protocol, which keeps server and client clocks in sync) must be installed on both the Kerberos server and every client first.

1  Kerberos server side

1.1. install / start ntp
   #sudo yum install ntp
   #sudo service ntpd start 
1.2. install kerberos server:
   #yum install krb5-server krb5-libs krb5-auth-dialog
Optional: install the kerberos client:
# yum install krb5-workstation

1.3 Edit /etc/krb5.conf and /var/kerberos/krb5kdc/kdc.conf
   # sudo vi /etc/krb5.conf
 Replace EXAMPLE.COM with your domain name.
 Replace kerberos.example.com with your KDC server.
  # sudo vi /var/kerberos/krb5kdc/kdc.conf
 Replace EXAMPLE.COM with your domain name.
1.4. create the database using the kdb5_util utility.
  # sudo /usr/sbin/kdb5_util create -s
1.5. Edit the /var/kerberos/krb5kdc/kadm5.acl file
  # sudo vi /var/kerberos/krb5kdc/kadm5.acl
 for example: change */admin@EXAMPLE.COM  *  to */admin@MYCOMPANY.COM  *
1.6. use kadmin.local to add  admin user:
 #kadmin.local
 #addprinc steve/admin
 #addprinc tony/admin
1.7. start kerberos:
 # /sbin/service krb5kdc start
 # /sbin/service kadmin start
1.8. now you can use kadmin to manage principals:
 #kadmin -q "addprinc  user1/admin"
 This way you actually use client mode to connect to the KDC and do admin-level tasks
1.9. verify the KDC works.
#kinit tony/admin

#klist

2 Each client machine

2.1. install kerberos client
  #yum install krb5-workstation
2.2. edit /etc/krb5.conf
   #sudo vi /etc/krb5.conf
   Replace EXAMPLE.COM with your domain name
   replace kerberos.example.com with your KDC server
2.3. authenticate the admin user with kerberos
  #kinit steve/admin
 
  view the principals from the client machine:
  #sudo kadmin
  #list_principals

3 Using Kerberos for OS-level local authentication and remote login

-----------------enable Kerberos local authentication----------
1. install PAM
sudo apt-get install libpam-krb5

2. view the conf file:
 sudo cat /etc/pam.d/common-auth

------------configure the client so it can remote login using Kerberos-----------
1. create another principal such as:
service/clienthost@realm

2. add the keytab for this principal
kadmin: ktadd -k /etc/service.keytab  service/clienthost@realm


save the keytab to /etc/krb5.keytab

Managing keytabs

The credentials of a service principal must be stored in a keytab file.

1. Obtaining a keytab

Enter kadmin

1.1 Using ktadd:

ktadd -k  $<keytab_file_name>   service/servicehost@realm  or  #ktadd -k $<keytab_file_name>  service/servicehost

For example:

# ktadd -k /etc/myservice.keytab  myservice/servicehost

1.2 Using xst

xst -k $<keytab_file_name> $service/servicehost

2. Viewing a keytab

klist -k -t $<keytab_file_name>
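Added example (not from the original post): a POSIX shell script that renders the krb5.conf that server step 1.3 and client step 2.2 tell you to edit by hand, with the realm and KDC host substituted, plus a check that a keytab written by ktadd (section "Managing keytabs") is owned by root with mode 600, since it holds the service's long-term key. It assumes GNU stat as found on CentOS; the realm and host names used are placeholders.

```shell
# Added example, not part of the original post. Assumes GNU stat (Linux/CentOS).

# Render a minimal /etc/krb5.conf for realm $1 served by KDC host $2,
# performing the EXAMPLE.COM / kerberos.example.com substitution from the steps above.
render_krb5_conf() {
    realm=$1
    kdc=$2
    lower=$(printf '%s' "$realm" | tr 'A-Z' 'a-z')
    cat <<EOF
[libdefaults]
    default_realm = $realm
    dns_lookup_kdc = false
    ticket_lifetime = 24h
    forwardable = true

[realms]
    $realm = {
        kdc = $kdc
        admin_server = $kdc
    }

[domain_realm]
    .$lower = $realm
    $lower = $realm
EOF
}

# A keytab holds the service principal's long-term key, so only its owner may read it.
# Returns 0 when $1 exists, is owned by $2 (default root) and has mode 600; otherwise
# prints the reason to stderr and returns 1.
check_keytab_perms() {
    keytab=$1
    owner=${2:-root}
    [ -f "$keytab" ] || { echo "missing: $keytab" >&2; return 1; }
    mode=$(stat -c '%a' "$keytab")
    who=$(stat -c '%U' "$keytab")
    [ "$mode" = "600" ] || { echo "bad mode $mode on $keytab (want 600)" >&2; return 1; }
    [ "$who" = "$owner" ] || { echo "bad owner $who on $keytab (want $owner)" >&2; return 1; }
    return 0
}

# Usage (placeholder realm and host):
#   render_krb5_conf MYCOMPANY.COM kdc1.mycompany.com > /etc/krb5.conf
#   check_keytab_perms /etc/krb5.keytab
```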
