Configure a System to Authenticate Using Kerberos Flashcards Preview


KDC Server Setup

yum install -y krb5-server krb5-workstation pam_krb5

cd /var/kerberos/krb5kdc/
vim kdc.conf

[realms]
MYLABSERVER.COM = {
#master_key_type = aes256-cts
acl_file = /var/kerberos/krb5kdc/kadm5.acl

vim /etc/krb5.conf

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
dns_lookup_realm = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
default_realm = MYLABSERVER.COM
default_ccache_name = KEYRING:persistent:%{uid}

[realms]
MYLABSERVER.COM = {
kdc = we3kb1.mylabserver.com
admin_server = we3kb1.mylabserver.com
}

[domain_realm]
.mylabserver.com = MYLABSERVER.COM
mylabserver.com = MYLABSERVER.COM

cd /var/kerberos/krb5kdc/
vim kadm5.acl

kdb5_util create -s -r MYLABSERVER.COM

systemctl enable krb5kdc kadmin
systemctl start krb5kdc kadmin

kadmin.local
addprinc root/admin
addprinc user
addprinc -randkey host/hostname
ktadd host/hostname
exit

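vim /etc/ssh/ssh_config
# GSSAPIDelegateCredentials forwards the user's Kerberos ticket (TGT) to the remote host; set it only for hosts you trust, e.g. inside a Host block.
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes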

authconfig --enablekrb5 --update

firewall-cmd --permanent --add-port 88/tcp
firewall-cmd --permanent --add-port 88/udp
firewall-cmd --permanent --add-port 749/tcp
# --permanent rules are not active until the firewall is reloaded (firewall-cmd --reload).