Thursday 16 August 2012

configure Kerberos to provide user authentication

Install kerberos server packages

[root@auth1 /]# yum install krb5-server

Add the following rules to iptables


-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 88 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 88 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 464 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 464 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 749 -j ACCEPT


Edit the kdc conf file

[root@auth1 /]# vim /var/kerberos/krb5kdc/kdc.conf

[kdcdefaults]
 v4_mode = nopreauth
 kdc_tcp_ports = 88

[realms]
 auth1.EXAMPLE.COM = {
  #master_key_type = des3-hmac-sha1
  default_priniciple_flags = +preauth
  acl_file = /var/kerberos/krb5kdc/kadm5.acl
  dict_file = /usr/share/dict/words
  admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
  supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3
 }

Initialise the database

[root@auth1 /]# kdb5_util create

Log in as kadmin.local and create the princs

[root@auth1 /]# kadmin.local



Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)