Anyway, assuming that you have a working KDC server (see my post on openSSH with Kerberos for details of configuring a KDC), you can use authconfig-tui to configure Kerberos on your client.
You can then check that the /etc/krb5.conf file has been modified to:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = DOMAIN.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
[realms]
DOMAIN.COM = {
kdc = yetanother.domain.com
admin_server = yetanother.domain.com
}
[domain_realm]
.domain.com = DOMAIN.COM
domain.com = DOMAIN.COM

Unfortunately, this will not actually do much.

kinit
kinit: Client not found in Kerberos database while getting initial credentials

As mentioned above, you need a user principal in order to get a ticket and a user to be able to do anything useful. Let's say that you have openLDAP configured (have a look at this post if in doubt) and you have a user account called crap in that domain. Assuming that a principal for crap exists and you know the password, you can just do:

kinit crap

and, provided that you typed the right password, you'll get a ticket. Check with:

klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: crap@DOMAIN.COM
Valid starting Expires Service principal
06/17/11 11:59:53 06/18/11 11:59:53 krbtgt/DOMAIN.COM@DOMAIN.COM
renew until 06/17/11 11:59:53

Have a look at my previous post to configure openSSH to work with Kerberos.
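
A consistency check for the krb5.conf shown above, as an added example that is not part of the original post: with dns_lookup_kdc = false the client can only find a KDC through [realms], and a host is placed in a realm through [domain_realm], which is why the file carries both .domain.com and domain.com. The function names are hypothetical, the sample is constructed from the post's file, and the suffix walk is a simplified model of the search MIT krb5 performs.

```python
# Constructed sample: the krb5.conf from this post, trimmed to the keys checked.
SAMPLE = """\
[libdefaults]
default_realm = DOMAIN.COM
dns_lookup_kdc = false
[realms]
DOMAIN.COM = {
kdc = yetanother.domain.com
}
[domain_realm]
.domain.com = DOMAIN.COM
domain.com = DOMAIN.COM"""

def parse_krb5_conf(text):
    """Sections become dicts of value lists; `name = {` opens a nested dict."""
    conf, section, block = {}, None, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section, block = conf.setdefault(line[1:-1], {}), None
        elif line == "}":
            block = None
        elif "=" in line and section is not None and line[0] not in "#;":
            key, value = (s.strip() for s in line.split("=", 1))
            if value == "{":
                block = section.setdefault(key, {})
            else:
                (section if block is None else block).setdefault(key, []).append(value)
    return conf

def realm_for_host(conf, host):
    """Try the host, then each parent domain: "a.b.c", ".b.c", "b.c", ".c", "c"."""
    mapping, name = conf.get("domain_realm", {}), host.lower()
    while name:
        if name in mapping:
            return mapping[name][0]
        name = name[1:] if name[0] == "." else name[name.find("."):] if "." in name else ""
    return None

def findings(conf, host):
    """Problems in the file that stop a client locating the realm or its KDC."""
    lib, out = conf.get("libdefaults", {}), []
    realm = lib.get("default_realm", [None])[0]
    kdcs = conf.get("realms", {}).get(realm, {}).get("kdc")
    if realm is None:
        out.append("no default_realm in [libdefaults]")
    elif lib.get("dns_lookup_kdc", [""])[0].lower() == "false" and not kdcs:
        out.append(f"dns_lookup_kdc = false but [realms] has no kdc for {realm}")
    if realm_for_host(conf, host) is None:
        out.append(f"no [domain_realm] entry covers {host}")
    return out
```

Calling findings(parse_krb5_conf(open("/etc/krb5.conf").read()), "yetanother.domain.com") on the client returns an empty list when the file is consistent for that host.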