Installation

Installation du système

Nom du serveur	kerb1.univ-rennes1.fr
Système	RedHat Entreprise 5
Ouverture de ports	ssh (22 tcp) kinit (88 tcp/udp) kerberos password (749 tcp) kerberos auth (750 tcp)

Installation du KDC (Key Distribution Center)

Editer le fichier /etc/krb5.conf :

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = UNIV-RENNES1.FR
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 forwardable = yes

[realms]
 UNIV-RENNES1.FR = {
  kdc = kerb1.univ-rennes1.fr:88
  admin_server = kerb1.univ-rennes1.fr:749
  default_domain = univ-rennes1.fr
 }

[domain_realm]
 .univ-rennes1.fr = UNIV-RENNES1.FR
 univ-rennes1.fr = UNIV-RENNES1.FR

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }

Installer le package krb5-server.

Editer le fichier /var/kerberos/krb5kdc/kdc.conf :

[kdcdefaults]
 v4_mode = nopreauth
 kdc_ports = 88,750
 kdc_tcp_ports = 88

[realms]
 UNIV-RENNES1.FR = {
  #master_key_type = des3-hmac-sha1
  acl_file = /var/kerberos/krb5kdc/kadm5.acl
  dict_file = /usr/share/dict/words
  admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
  supported_enctypes = des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3
 }

Editer le fichier /var/kerberos/krb5kdc/kadm5.acl :

*/admin@UNIV-RENNES1.FR	*

Créer la base Kerberos :

[root@kerb1 ~]# kdb5_util create -s
Loading random data
Initializing database '/var/kerberos/krb5kdc/principal' for realm 'UNIV-RENNES1.FR',
master key name 'K/M@UNIV-RENNES1.FR'
You will be prompted for the database Master Password.
It is important that you NOT FORGET this password.
Enter KDC database master key:
Re-enter KDC database master key to verify:
[root@kerb1 ~]#

Ajouter le premier utilisateur (root/admin) :

[root@kerb1 ~]# kadmin.local -q "addprinc root/admin"
Authenticating as principal root/admin@UNIV-RENNES1.FR with password.
WARNING: no policy specified for root/admin@UNIV-RENNES1.FR; defaulting to no policy
Enter password for principal "root/admin@UNIV-RENNES1.FR":
Re-enter password for principal "root/admin@UNIV-RENNES1.FR":
Principal "root/admin@UNIV-RENNES1.FR" created.
[root@kerb1 ~]#

Démarrer les services :

[root@kerb1 ~]# chkconfig kadmin on
[root@kerb1 ~]# service kadmin start
Starting Kerberos 5 Admin Server:                          [  OK  ]
[root@kerb1 ~]# chkconfig krb5kdc on
[root@kerb1 ~]# service krb5kdc start
Starting Kerberos 5 KDC:                                   [  OK  ]
[root@kerb1 ~]#

Vérification en affichant la liste des principals :

[root@kerb1 ~]# kadmin -p root/admin
Authenticating as principal root/admin with password.
Password for root/admin@UNIV-RENNES1.FR:
kadmin:  listprincs
K/M@UNIV-RENNES1.FR
kadmin/admin@UNIV-RENNES1.FR
kadmin/changepw@UNIV-RENNES1.FR
kadmin/history@UNIV-RENNES1.FR
kadmin/localhost.localdomain@UNIV-RENNES1.FR
krbtgt/UNIV-RENNES1.FR@UNIV-RENNES1.FR
root/admin@UNIV-RENNES1.FR
kadmin:  exit
[root@kerb1 ~]#

A compléter.

Pages enfant

Pages Authentification des utilisateurs - de LDAP à Kerberos Serveur Kerberos maître

Installation

Installation du système

Installation du KDC (Key Distribution Center)

Pages
Authentification des utilisateurs - de LDAP à Kerberos

Serveur Kerberos maître