Kerberos server side

1. Install Tcl
wget http://downloads.sourceforge.net/project/tcl/Tcl/8.5.12/tcl8.5.12-src.tar.gz
tar zvxf tcl8.5.12-src.tar.gz
cd tcl8.5.12
cd unix
./configure
make
make install


2. Download
http://web.mit.edu/kerberos/dist/krb5/1.10/krb5-1.10.3-signed.tar

3. Extract
tar xvf krb5-1.10.3-signed.tar
tar zvxf krb5-1.10.3.tar.gz
cd krb5-1.10.3


3. Build
./configure --enable-dns-for-realm --with-tcl=/usr/local/lib/tcl8.5
This adds DNS and Tcl support.
make
make check
make install


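4. Time synchronization
Configure time synchronization in crontab (if the server and client clocks do not agree, the client cannot connect):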
0-59/10 * * * * /usr/sbin/ntpdate us.pool.ntp.org


5. Configure /etc/krb5.conf

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = DEVAPP.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes

[realms]
DEVAPP.COM = {
kdc = kerberos.devapp.com:88
admin_server = kerberos.devapp.com:749
default_domain = devapp.com
}

[domain_realm]
.devapp.com = DEVAPP.COM
devapp.com = DEVAPP.COM

[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}

[kdc]
profile=/usr/local/var/krb5kdc/kdc.conf


6. Configure /usr/local/var/krb5kdc/kdc.conf
You can copy it from /usr/local/share/examples/krb5/kdc.conf.

[kdcdefaults]
kdc_ports = 750,88

[realms]
DEVAPP.COM = {
database_name = /usr/local/var/krb5kdc/principal
admin_keytab = /usr/local/var/krb5kdc/kadm5.keytab
acl_file = /usr/local/var/krb5kdc/kadm5.acl
key_stash_file = /usr/local/var/krb5kdc/.k5.DEVAPP.COM
kdc_ports = 750,88
max_life = 10h 0m 0s
max_renewable_life = 7d 0h 0m 0s
}


7. Create the database
/usr/local/sbin/kdb5_util create -r DEVAPP.COM -s

Add a system user: useradd devk
1) List principals in kadmin.local
listprincs

2) Add a principal in kadmin.local
addprinc dev@DEVAPP.COM


8. Restart the krb5kdc and kadmind processes
/usr/local/sbin/kadmind 
/usr/local/sbin/krb5kdc


9. Configure /etc/hosts on the server
# hosts entry for the KDC service on this machine
192.168.0.102 devapp.com kerberos.devapp.com
# hosts entry for the client machine
192.168.0.103 103.devapp.com
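
Steps 5 and 9 have to agree with each other: the default realm needs a [realms] entry, every [domain_realm] mapping must point at a defined realm, and the kdc and admin_server hosts must be resolvable. The following check is an added example, not part of the original post; the function names parse_krb5 and lint are hypothetical, the sample strings are constructed from the files above, and it assumes names are resolved only through /etc/hosts as in step 9.

```python
# Constructed samples trimmed from steps 5 and 9 of the post (added example).
KRB5_CONF = """\
[libdefaults]
default_realm = DEVAPP.COM
[realms]
DEVAPP.COM = {
kdc = kerberos.devapp.com:88
admin_server = kerberos.devapp.com:749
}
[domain_realm]
.devapp.com = DEVAPP.COM
"""
HOSTS = "192.168.0.102 devapp.com kerberos.devapp.com\n192.168.0.103 103.devapp.com\n"

def parse_krb5(text):
    """Parse krb5.conf text into {section: {key: value or {subkey: [values]}}}."""
    conf, section, block = {}, None, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section, block = conf.setdefault(line[1:-1], {}), None
        elif line == "}":
            block = None
        elif "=" in line and section is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":
                block = section.setdefault(key, {})      # e.g. DEVAPP.COM = {
            elif block is not None:
                block.setdefault(key, []).append(value)  # kdc may be repeated
            else:
                section[key] = value
    return conf

def lint(conf, hosts_text):
    """Return a list of problems; an empty list means the files agree."""
    names = {n for l in hosts_text.splitlines() for n in l.split("#")[0].split()[1:]}
    realms, problems = conf.get("realms", {}), []
    if (default := conf.get("libdefaults", {}).get("default_realm")) not in realms:
        problems.append(f"default_realm {default} has no [realms] entry")
    for domain, realm in conf.get("domain_realm", {}).items():
        if realm not in realms:
            problems.append(f"{domain} maps to undefined realm {realm}")
    for realm, body in realms.items():
        for key in ("kdc", "admin_server"):
            for value in body.get(key, []):
                if value.split(":")[0] not in names:  # strip the :port suffix
                    problems.append(f"{realm} {key} {value} is not in hosts")
    return problems
```

To check the real files, pass the contents of /etc/krb5.conf and /etc/hosts to parse_krb5 and lint instead of the sample strings.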