[1] http://en.wikipedia.org/wiki/Kerberos_(protocol)
[2] http://web.mit.edu/kerberos/#what_is
[3] http://www.kerberos.info/
Environment:
Operating System: Ubuntu 10.04 Lucid Lynx 64 bit Edition
Kerberos : MIT Kerberos V5
MIT Kerberos, an implementation of Kerberos, will be used to authenticate users.
Installation
Step 1: Install Key Distribution Center (KDC) and administration server
sudo apt-get install krb5-{admin-server,kdc}
This installs the master KDC and the admin server; multiple slave KDCs can be configured under a single master KDC. The KDC installation asks the following questions:
1. Default Kerberos version 5 realm?
Any ASCII string can be given as the realm, but by convention it is the upper-case version of the domain name.
2. Kerberos4 compatibility mode to use?
Give it as 'none'.
3. What are the Kerberos servers for your realm?
Fully qualified domain name of the Kerberos server.
4. What is the administrative server for your realm?
Fully qualified domain name of the Kerberos server.
Step 2: Create a new realm using 'krb5_newrealm'
Run the command krb5_newrealm in the terminal:
sudo krb5_newrealm
The command asks for the master password (don't forget this) and creates the realm using the name defined in the previous step.
Step 3: Restart the administrative server and key distribution center
sudo invoke-rc.d krb5-admin-server restart
sudo invoke-rc.d krb5-kdc restart
Step 4: Initial Test
To quickly test the installation, we will use the 'kadmin.local' database administration program. Start kadmin.local, then type 'listprincs'. That command should print the list of principals. For example:
sudo kadmin.local
Authenticating as principal root/admin@TEST.COM with password.
kadmin.local: listprincs
K/M@TEST.COM
kadmin/admin@TEST.COM
kadmin/changepw@TEST.COM
kadmin/history@TEST.COM
krbtgt/TEST.COM@TEST.COM
kadmin.local: quit
'kadmin.local' works only on the Kerberos administration server.
Step 5: Access Rights
Edit the /etc/krb5kdc/kadm5.acl file and uncomment the '*/admin *' line. This entry grants all administrative privileges to every principal whose instance is 'admin'.
Enter 'kadmin.local' and add an admin principal for the root user with 'addprinc root/admin'. For example:
sudo kadmin.local
Authenticating as principal root/admin@TEST.COM with password.
kadmin.local: addprinc root/admin
WARNING: no policy specified for root/admin@TEST.COM; defaulting to no policy
Enter password for principal "root/admin@TEST.COM": PASSWORD
Re-enter password for principal "root/admin@TEST.COM": PASSWORD
Principal "root/admin@TEST.COM" created.
kadmin.local: quit
Restart the administrative server and key distribution center (refer to Step 3).
Test the new setup using 'kadmin'. Run kadmin as root/admin using:
kadmin -p root/admin
If the configuration is correct, it will ask for the password.
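An added example, not part of the original post: a shell function that lists kadm5.acl entries, such as the '*/admin *' line from Step 5, that pair a wildcard principal with full privileges ('*' or 'x'). The function names and the sample ACL are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the sample
# ACL are constructed for illustration.

# audit_kadm5_acl [FILE...]  (reads stdin when no file is given)
# kadm5.acl fields: principal  permissions  [target_principal [restrictions]]
# Prints "LINE: principal perms target=..." for each entry that gives full
# rights ("*" or "x") to a wildcard principal. Returns 1 if any were found.
audit_kadm5_acl() {
    awk '
        /^[ \t]*#/ || NF < 2 { next }   # skip comments and blank lines
        {
            princ = $1; perms = $2
            target = (NF >= 3) ? $3 : "(any)"
            if (perms ~ /[*x]/ && index(princ, "*") > 0) {
                printf "%d: %s %s target=%s\n", NR, princ, perms, target
                found = 1
            }
        }
        END { exit (found ? 1 : 0) }
    ' "$@"
}

# Constructed sample: line 2 is the entry uncommented in Step 5.
sample_acl() {
    cat <<'EOF'
# constructed sample kadm5.acl for realm TEST.COM
*/admin *
root/admin@TEST.COM *
*/ops@TEST.COM il
helpdesk/admin@TEST.COM c */user@TEST.COM
*@TEST.COM x
EOF
}

sample_acl | audit_kadm5_acl || echo "Review the wildcard entries listed above."
```

On a real KDC the function would be run as 'audit_kadm5_acl /etc/krb5kdc/kadm5.acl'; entries that name one administrator explicitly, like line 3 of the sample, are not reported.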
Step 6: Obtaining a Kerberos Ticket
Commands:
klist -5 - list the cached tickets
kinit - obtain a ticket for the current user
Step 7: Installing Kerberized Services
A Kerberized service is needed to authenticate with Kerberos.
sudo apt-get install krb5-rsh-server
sudo update-rc.d openbsd-inetd defaults
sudo invoke-rc.d openbsd-inetd restart
Step 8: Connecting to a Kerberos Server
Install krb5-clients and krb5-user on each host where we want to use Kerberos authentication.
sudo apt-get install krb5-clients krb5-user
It will ask for the Kerberos administration and key distribution center details.
References
[1] http://www.debian-administration.org/articles/570
[2] http://web.mit.edu/kerberos/krb5-1.8/krb5-1.8.1/doc/krb5-install.html
[3] http://techpubs.spinlocksolutions.com/dklar/kerberos.html