Installation
Installation du système
Nom du serveur |
kerb1.univ-rennes1.fr |
Système |
RedHat Entreprise 5 |
Ouverture de ports |
ssh (22 tcp) |
Installation du KDC (Key Distribution Center)
Editer le fichier /etc/krb5.conf :
[logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = UNIV-RENNES1.FR dns_lookup_realm = false dns_lookup_kdc = false ticket_lifetime = 24h forwardable = yes [realms] UNIV-RENNES1.FR = { kdc = kerb1.univ-rennes1.fr:88 admin_server = kerb1.univ-rennes1.fr:749 default_domain = univ-rennes1.fr } [domain_realm] .univ-rennes1.fr = UNIV-RENNES1.FR univ-rennes1.fr = UNIV-RENNES1.FR [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false }
Installer le package krb5-server.
Editer le fichier /var/kerberos/krb5kdc/kdc.conf :
[kdcdefaults] v4_mode = nopreauth kdc_ports = 88,750 kdc_tcp_ports = 88 [realms] UNIV-RENNES1.FR = { #master_key_type = des3-hmac-sha1 acl_file = /var/kerberos/krb5kdc/kadm5.acl dict_file = /usr/share/dict/words admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab supported_enctypes = des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3 }
Editer le fichier /var/kerberos/krb5kdc/kadm5.acl :
*/admin@UNIV-RENNES1.FR *
Créer la base Kerberos :
[root@kerb1 ~]# kdb5_util create -s Loading random data Initializing database '/var/kerberos/krb5kdc/principal' for realm 'UNIV-RENNES1.FR', master key name 'K/M@UNIV-RENNES1.FR' You will be prompted for the database Master Password. It is important that you NOT FORGET this password. Enter KDC database master key: Re-enter KDC database master key to verify: [root@kerb1 ~]#
Ajouter le premier utilisateur (root/admin) :
[root@kerb1 ~]# kadmin.local -q "addprinc root/admin" Authenticating as principal root/admin@UNIV-RENNES1.FR with password. WARNING: no policy specified for root/admin@UNIV-RENNES1.FR; defaulting to no policy Enter password for principal "root/admin@UNIV-RENNES1.FR": Re-enter password for principal "root/admin@UNIV-RENNES1.FR": Principal "root/admin@UNIV-RENNES1.FR" created. [root@kerb1 ~]#
Démarrer les services :
[root@kerb1 ~]# chkconfig kadmin on [root@kerb1 ~]# service kadmin start Starting Kerberos 5 Admin Server: [ OK ] [root@kerb1 ~]# chkconfig krb5kdc on [root@kerb1 ~]# service krb5kdc start Starting Kerberos 5 KDC: [ OK ] [root@kerb1 ~]#
Vérification en affichant la liste des principals :
[root@kerb1 ~]# kadmin -p root/admin Authenticating as principal root/admin with password. Password for root/admin@UNIV-RENNES1.FR: kadmin: listprincs K/M@UNIV-RENNES1.FR kadmin/admin@UNIV-RENNES1.FR kadmin/changepw@UNIV-RENNES1.FR kadmin/history@UNIV-RENNES1.FR kadmin/localhost.localdomain@UNIV-RENNES1.FR krbtgt/UNIV-RENNES1.FR@UNIV-RENNES1.FR root/admin@UNIV-RENNES1.FR kadmin: exit [root@kerb1 ~]#
A compléter.