Ubuntu Server Guide Changes, errors and bugs
Kerberos Server
Installation

For this discussion, we will create an MIT Kerberos domain with the following features (edit them to fit your needs):

• Realm: EXAMPLE.COM
• Primary KDC: kdc01.example.com (192.168.0.1)
• Secondary KDC: kdc02.example.com (192.168.0.2)
• User principal: ubuntu
• Admin principal: ubuntu/admin

Note: It is strongly recommended that your network-authenticated users have their uid in a different range (say, starting at 5000) than that of your local users.

Before installing the Kerberos server, a properly configured DNS server is needed for your domain. Since the Kerberos realm by convention matches the domain name, this section uses the EXAMPLE.COM domain configured in the section Primary Server of the DNS documentation.

Kerberos is also a time-sensitive protocol. If the local system time on a client machine differs from the server's by more than five minutes (by default), the workstation will not be able to authenticate. To correct the problem, all hosts should have their time synchronized using the same Network Time Protocol (NTP) server. Check out the NTP chapter for more details.

The first step in creating a Kerberos realm is to install the krb5-kdc and krb5-admin-server packages. From a terminal enter:

    sudo apt install krb5-kdc krb5-admin-server

At the end of the install you will be asked to supply the hostname of the Kerberos and Admin servers for the realm, which may or may not be the same server. Since we are going to create the realm, and thus these servers, type in the full hostname of this server.

Note: By default the realm is created from the KDC's domain name.

Next, create the new realm with the krb5_newrealm utility:

    sudo krb5_newrealm

It will ask you for a database master password, which is used to encrypt the local database. Choose a secure password: its strength is not verified for you.
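The prerequisites described above (a fully qualified hostname whose domain gives the realm, clocks within five minutes, and a separate uid range for network users) can be checked before installing the packages. The script below is an added example, not part of the Ubuntu Server Guide; the function names, the sample passwd data and the exclusion of uid 65534 (nobody) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks for a host that is about to become a KDC.
# Function names and sample data are constructed for illustration.

MAX_SKEW=300        # five minutes, the default tolerance stated in the text
NET_UID_MIN=5000    # start of the range suggested for network users

# Print the realm implied by a fully qualified hostname (domain, upper-cased).
# Fails when the name has no domain part, i.e. the hostname/DNS is not set up.
realm_for_host() {
    case "$1" in
        ?*.?*) ;;
        *) return 1 ;;
    esac
    printf '%s\n' "${1#*.}" | tr '[:lower:]' '[:upper:]'
}

# Succeed only if two epoch timestamps differ by at most MAX_SKEW seconds.
skew_ok() {
    diff=$(( $1 - $2 ))
    if [ "$diff" -lt 0 ]; then diff=$(( 0 - diff )); fi
    [ "$diff" -le "$MAX_SKEW" ]
}

# Read passwd-format lines on stdin and print local accounts whose uid falls
# in the network range (assumption: uid 65534 "nobody" is a system account).
local_uids_in_network_range() {
    awk -F: -v min="$NET_UID_MIN" '$3 >= min && $3 != 65534 { print $1 ":" $3 }'
}

# Run all three checks: args are FQDN, local epoch, reference epoch; passwd on stdin.
preflight() {
    realm=$(realm_for_host "$1") || { echo "FAIL: $1 is not fully qualified"; return 1; }
    echo "realm by convention: $realm"
    skew_ok "$2" "$3" || { echo "FAIL: clock is more than ${MAX_SKEW}s off"; return 1; }
    clash=$(local_uids_in_network_range)
    [ -z "$clash" ] || echo "WARN: local uid in network range: $clash"
    return 0
}

# Constructed sample input, not taken from a real system.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
ubuntu:x:1000:1000:Ubuntu:/home/ubuntu:/bin/bash
svcbackup:x:5003:5003::/home/svcbackup:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin'

# Demo run: hostname from the text, clocks 120 seconds apart.
printf '%s\n' "$SAMPLE_PASSWD" | preflight kdc01.example.com 1700000000 1700000120
```

On a real host, pass the output of `hostname -f` and `date +%s`, a timestamp taken from an NTP-synchronized reference machine, and redirect /etc/passwd to standard input.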