Kerberos Client » History » Version 1
Joseph Foley, 2015-09-05 02:51
h1. Kerberos Client

h2. Install on Windows

* https://www.secure-endpoints.com/netidmgr/v2/#download

h2. Install on Linux

# Install the packages
<pre>sudo apt-get install krb5-clients</pre>
# Install OpenBSD's inetd server and configure it
<pre>sudo apt-get install openbsd-inetd
sudo apt-get install krb5-rsh-server

sudo update-rc.d -f openbsd-inetd remove
sudo update-rc.d openbsd-inetd defaults

sudo update-inetd --enable kshell
sudo update-inetd --enable eklogin

sudo invoke-rc.d openbsd-inetd restart
</pre>
# Set up the keytab on the host
<pre>sudo kadmin
[sudo] password for foley:
Authenticating as principal foley/admin@DEV.RU.IS with password.
Password for foley/admin@DEV.RU.IS:
kadmin: addprinc -policy service -randkey host/stekkjarstaur.dev.ru.is
Principal "host/stekkjarstaur.dev.ru.is@DEV.RU.IS" created.
kadmin: ktadd -k /etc/krb5.keytab -norandkey host/gryla.dev.ru.is
kadmin: Principal -norandkey does not exist.
Entry for principal host/gryla.dev.ru.is with kvno 2, encryption type AES-256 CTS mode with 96-bit SHA-1 HMAC added to keytab WRFILE:/etc/krb5.keytab.
Entry for principal host/gryla.dev.ru.is with kvno 2, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/etc/krb5.keytab.
Entry for principal host/gryla.dev.ru.is with kvno 2, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab.
Entry for principal host/gryla.dev.ru.is with kvno 2, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/etc/krb5.keytab.
</pre>
# Test with encryption (-x) and the new protocol (-PN)
<pre>krb5-rsh -x -PN gryla.dev.ru.is /bin/bash</pre>
## You should now be able to run commands on the host!

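The ktadd output in the keytab step shows DES, Triple DES and ArcFour keys being written next to the AES-256 key. The following is an added example, not part of the original wiki page: it parses ktadd's "Entry for principal" lines and reports the entries that use those deprecated encryption types. The function names are hypothetical, and the sample input is constructed from the four output lines of the session above.

```shell
#!/bin/sh
# Added example: flag keytab entries written with deprecated enctypes,
# using the "Entry for principal ..." lines that ktadd prints.

# Constructed sample input: the four ktadd lines from the session above.
sample_ktadd_output() {
cat <<'EOF'
Entry for principal host/gryla.dev.ru.is with kvno 2, encryption type AES-256 CTS mode with 96-bit SHA-1 HMAC added to keytab WRFILE:/etc/krb5.keytab.
Entry for principal host/gryla.dev.ru.is with kvno 2, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/etc/krb5.keytab.
Entry for principal host/gryla.dev.ru.is with kvno 2, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab.
Entry for principal host/gryla.dev.ru.is with kvno 2, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/etc/krb5.keytab.
EOF
}

# Print "principal|kvno|enctype" for each ktadd line read from stdin.
parse_ktadd() {
    sed -n 's/^Entry for principal \(.*\) with kvno \([0-9][0-9]*\), encryption type \(.*\) added to keytab .*$/\1|\2|\3/p'
}

# Keep entries using single DES, 3DES or RC4/ArcFour (deprecated for
# Kerberos by RFC 6649 and RFC 8429). Matching is case-insensitive so that
# short names such as des3-cbc-sha1 or arcfour-hmac are caught as well.
weak_keytab_entries() {
    parse_ktadd | awk -F'|' 'tolower($3) ~ /des|arcfour|rc4/ {
        print $1 " kvno=" $2 " enctype=" $3 }'
}

# Return 1 if any weak entry is present, so a provisioning script can stop.
check_keytab_enctypes() {
    weak=$(weak_keytab_entries)
    [ -z "$weak" ] && return 0
    printf 'deprecated enctypes in keytab:\n%s\n' "$weak" >&2
    return 1
}

# Stand-alone run: list the weak entries in the sample.
sample_ktadd_output | weak_keytab_entries
```

Pipe the output of a real @ktadd@ run into @check_keytab_enctypes@ to gate host provisioning. ktadd's @-e@ option restricts which key types are generated.
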
h2. Issues

* You may get a "connection refused" error. It usually means that the port is not correct. Add this line to the server's /etc/inetd.conf
<pre>klogin stream tcp nowait root /usr/sbin/tcpd /usr/sbin/klogind -5ec
</pre>

* If Kerberos has issues, check the PTR records and other DNS configuration. It is one of the things that Kerberos checks.
** Look into /etc/hosts and make sure that it matches the hostname in the ke