...
- Netmask : 255.255.255.0
- Gateway : 148.60.10.254
- DNS : 148.60.4.1
- NTP : ntp1.univ-rennes1.fr
Serveur Kerberos
...
et configuration du serveur Kerberos
Serveur CAS
Installation et configuration du serveur CAS
Serveur LDAP
Boot sur CD Fedora 10.
- FQDN : kerb.ifsic.univ-rennes1.fr
- IP : 148.60.10.50
Packages additionnels installés :
- Servers -> Network servers -> kerb5-server
Configuration NTP
Configuration Kerberos
Modification de quelques fichiers de configuration pour créer le royaume IFSIC.TEST.
/etc/krb5.conf
| Bloc de code |
|---|
[libdefaults]
default_realm = IFSIC.TEST
default_etypes = des3-hmac-sha1 des-cbc-crc
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
permitted_enctypes = des3-hmac-sha1 des-cbc-crc rc4-hmac
|
/var/kerberos/krb5kdc/kdc.conf
| Bloc de code |
|---|
[realms]
IFSIC.TEST = {
#master_key_type = aes256-cts
acl_file = /var/kerberos/krb5kdc/kadm5.acl
dict_file = /usr/share/dict/words
admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3 rc4-hmac:normal
}
|
/var/kerberos/krb5kdc/kadm5.acl
| Bloc de code |
|---|
*/admin@IFSIC.TEST * |
/etc/gssapi_mech.conf
En 64 bits seulement :
| Bloc de code |
|---|
# library initialization function
# ================================ ==========================
# The MIT K5 gssapi library, use special function for initialization.
libgssapi_krb5.so mechglue_internal_krb5_init |
Création de la base Kerberos :
| Bloc de code |
|---|
[root@kerb ~] kdb5_util create -s |
Ajout du premier utilisateur (root) :
| Bloc de code |
|---|
[root@kerb ~] kadmin.local -q "addprinc root/admin" |
Démarrage des services (auparavant arrêter SeLinux) :
| Bloc de code |
|---|
[root@kerb ~] setenforce 0
[root@kerb ~] chkconfig kadmin on
[root@kerb ~] service kadmin start
[root@kerb ~] chkconfig krb5kdc on
[root@kerb ~] service krb5kdc start |
Vérification en affichant la liste des principals :
| Bloc de code |
|---|
[root@kerb ~]# kadmin
Authenticating as principal root/admin@IFSIC.TEST with password.
Password for root/admin@IFSIC.TEST:
kadmin: listprincs
K/M@IFSIC.TEST
kadmin/admin@IFSIC.TEST
kadmin/changepw@IFSIC.TEST
kadmin/history@IFSIC.TEST
kadmin/kerb.ifsic.univ-rennes1.fr@IFSIC.TEST
krbtgt/IFSIC.TEST@IFSIC.TEST
ldap/zag.ifsic.univ-rennes1.fr@IFSIC.TEST
root/admin@IFSIC.TEST |
Ajout d'un principal pour le KDC lui-même (indispensable pour la réplication) :
| Bloc de code |
|---|
[root@kerb ~]# kadmin
Authenticating as principal root/admin@IFSIC.TEST with password.
Password for root/admin@IFSIC.TEST:
kadmin: addprinc -randkey host/kerb.ifsic.univ-rennes1.fr
WARNING: no policy specified for host/kerb.ifsic.univ-rennes1.fr@IFSIC.TEST; defaulting to no policy
Principal "host/kerb.ifsic.univ-rennes1.fr@IFSIC.TEST" created.
|
Ajout d'un utilisateur (kerb) pour les tests :
| Bloc de code |
|---|
[root@kerb ~]# kadmin
Authenticating as principal root/admin@IFSIC.TEST with password.
Password for root/admin@IFSIC.TEST:
kadmin: addprinc kerb
WARNING: no policy specified for kerb@IFSIC.TEST; defaulting to no policy
Enter password for principal "kerb@IFSIC.TEST":
Re-enter password for principal "kerb@IFSIC.TEST":
Principal "kerb@IFSIC.TEST" created. |
Serveur CAS
Boot sur CD Fedora 10.
...
Installation et configuration du serveur LDAP
...