Kerberos Client
Install on Windows
Install on Linux
- Install the packages
sudo apt-get install krb5-clients
- Install OpenBSD's inetd server and configure it
sudo apt-get install openbsd-inetd
sudo apt-get install krb5-rsh-server
sudo update-rc.d -f openbsd-inetd remove
sudo update-rc.d openbsd-inetd defaults
sudo update-inetd --enable kshell
sudo update-inetd --enable eklogin
sudo invoke-rc.d openbsd-inetd restart
- Set up the keytab on the host
sudo kadmin
[sudo] password for foley:
Authenticating as principal foley/admin@DEV.RU.IS with password.
Password for foley/admin@DEV.RU.IS:
kadmin: addprinc -policy service -randkey host/stekkjarstaur.dev.ru.is
Principal "host/stekkjarstaur.dev.ru.is@DEV.RU.IS" created.
kadmin: ktadd -k /etc/krb5.keytab -norandkey host/gryla.dev.ru.is
kadmin: Principal -norandkey does not exist.
Entry for principal host/gryla.dev.ru.is with kvno 2, encryption type AES-256 CTS mode with 96-bit SHA-1 HMAC added to keytab WRFILE:/etc/krb5.keytab.
Entry for principal host/gryla.dev.ru.is with kvno 2, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/etc/krb5.keytab.
Entry for principal host/gryla.dev.ru.is with kvno 2, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab.
Entry for principal host/gryla.dev.ru.is with kvno 2, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/etc/krb5.keytab.
- Test with encryption (-x) and the new protocol (-PN)
krb5-rsh -x -PN gryla.dev.ru.is /bin/bash
- You should now be able to run commands on the host!
Issues
- You may get a "connection refused" error. It usually means that the port is not correct. Add this line to the server's /etc/inetd.conf
klogin stream tcp nowait root /usr/sbin/tcpd /usr/sbin/klogind -5ec
- If Kerberos has issues, check the PTR records and the rest of the DNS configuration. Name resolution is one of the things that Kerberos checks.
- Look into /etc/hosts and make sure that it matches the hostname in the ke
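The DNS and /etc/hosts checks from the list above can be scripted. The following is an added example, not part of the original wiki page: it verifies that a host name resolves and that every address it resolves to maps back to the same name. The function names `lookup` and `check_host_dns` are this example's own, and it assumes `getent` is available on the client.

```shell
#!/bin/sh
# Added example: forward/reverse name consistency check for the host
# behind a Kerberos host/ principal (e.g. host/gryla.dev.ru.is).

# lookup NAME_OR_ADDR
# Prints "address canonical-name [aliases...]" lines using the system
# resolver order from nsswitch.conf, so /etc/hosts is consulted as well as DNS.
lookup() {
    getent hosts "$1"
}

# check_host_dns FQDN
# Returns 0 only if FQDN resolves and each resulting address maps back
# to FQDN as its first (canonical) name. Prints one line per address.
check_host_dns() {
    local fqdn addrs addr name rc
    # Compare case-insensitively and ignore a trailing dot.
    fqdn=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    fqdn=${fqdn%.}
    rc=0

    addrs=$(lookup "$fqdn" | awk '{print $1}' | sort -u)
    if [ -z "$addrs" ]; then
        echo "FAIL: $fqdn has no forward record"
        return 1
    fi

    for addr in $addrs; do
        # Reverse lookup: field 2 is the canonical name for the address.
        name=$(lookup "$addr" | awk 'NR==1 {print tolower($2)}')
        name=${name%.}
        if [ "$name" = "$fqdn" ]; then
            echo "OK: $fqdn -> $addr -> $name"
        else
            echo "FAIL: $fqdn -> $addr -> ${name:-<no reverse entry>} (expected $fqdn)"
            rc=1
        fi
    done
    return $rc
}

# Run the check when a host name is given on the command line,
# e.g.:  sh check_host_dns.sh gryla.dev.ru.is
if [ "$#" -gt 0 ]; then
    check_host_dns "$1"
fi
```

A FAIL line that shows `localhost` or a short name as the reverse result usually points at an /etc/hosts entry that lists the fully qualified name in the wrong position.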
Updated by Joseph Foley over 9 years ago · 1 revisions