Lesson 7

Date: 3/5/2009
Kerberos Authentication
Linux for Engineering and IT applications


Kerberos server configuration


  • The configuration file /etc/krb5.conf defines the realms, the default realm, the KDC servers for each realm, the encryption algorithms, and the log file locations.
    # Library-wide defaults read by Kerberos clients and services on this host.
    [libdefaults]
            # Realm assumed when a principal is given without an explicit @REALM.
            default_realm = RUTGERS.EDU
    
    # Where to find the servers of each realm.
    [realms]
    RUTGERS.EDU = {
            # The KDC and the administration server are the same host here,
            # and no port is given, so the library's default ports apply.
            kdc = node16.rutgers.edu
            admin_server = node16.rutgers.edu
            kpasswd_protocol = SET_CHANGE
            default_domain = rutgers.edu
    }
    
    # Host-name-to-realm mapping.
    # NOTE(review): without a leading dot this entry matches only the host
    # named rutgers.edu; ".rutgers.edu" is the form that covers every host
    # in the domain. Confirm which one was intended.
    [domain_realm]
            rutgers.edu = RUTGERS.EDU
    
    # Log destinations for the KDC, the admin server and everything else.
    # NOTE(review): these logs record principal names and client addresses;
    # check that the files are readable by administrators only.
    [logging]
            kdc = FILE:/var/log/krb5kdc.log
            admin_server = FILE:/var/log/kadmin.log
            default = FILE:/var/log/krb5lib.log
    
    

  • The configuration file /etc/krb5kdc/kdc.conf defines the realms to be served by the KDC and the location of the principal database.
    # Defaults that apply to every realm served by this KDC.
    [kdcdefaults]
        # Port the KDC listens on (88 is the standard Kerberos port).
        kdc_ports = 88
    
    # Per-realm KDC settings.
    [realms]
        RUTGERS.EDU = {
            # Principal database, kadmin keytab and kadmin ACL file.
            database_name = /var/lib/krb5kdc/principal
            admin_keytab = FILE:/etc/krb5kdc/kadm5.keytab
            acl_file = /etc/krb5kdc/kadm5.acl
            # The stash file holds the database master key on disk; anyone who
            # can read it can decrypt the principal database, so keep it and
            # its backups readable by root only.
            key_stash_file = /etc/krb5kdc/stash
            kdc_ports = 88
            # Maximum ticket lifetime and maximum renewable lifetime.
            max_life = 10h 0m 0s
            max_renewable_life = 7d 0h 0m 0s
            # NOTE(review): des-cbc-crc is single DES with a 56-bit key. It is
            # deprecated for Kerberos (RFC 6649) and current MIT krb5 releases
            # no longer support it. For a new realm use an AES enctype for both
            # settings, e.g. aes256-cts-hmac-sha1-96 (":normal" salt for
            # supported_enctypes), before the database is created.
            master_key_type = des-cbc-crc
            supported_enctypes = des-cbc-crc:normal
            # New principals require pre-authentication by default, so the KDC
            # does not hand out password-derived ciphertext to unauthenticated
            # requesters.
            default_principal_flags = +preauth
        }
    


  • Initialize Kerberos database
    # Creates the principal database for the default realm and prompts for the
    # database master password. -s also writes the master key to the stash file
    # (key_stash_file in kdc.conf) so the KDC can start without a prompt; run
    # as root and keep that file readable by root only.
    kdb5_util create -s
    


