Ubuntu Server Guide Changes, errors and bugs
Download 1.27 Mb. Pdf ko'rish
|
ubuntu-server-guide
- Bu sahifa navigatsiya:
- Installation
|
Kerberos Linux Client
This section covers configuring a Linux system as a Kerberos client. This will allow access to any kerberized services once a user has successfully logged into the system. Note that Kerberos alone is not enough for a user to exist in a Linux system. Meaning, we cannot just point the system at a kerberos server and expect all the kerberos principals to be able to login on the linux system, simply because these users do not exist locally. Kerberos only provides authentication: it doesn’t know about user groups, Linux uids and gids, home directories, etc. Normally another network source is used for this information, such as an LDAP or Windows server, and, in the old days, NIS was used for that as well. 178 Installation If you have local users matching the principals in a Kerberos realm, and just want to switch the authentication from local to remote using Kerberos, you can follow this section. This is not a very usual scenario, but serves to highlight the separation between user authentication and user information (full name, uid, gid, home directory, groups, etc). If you just want to be able to grab tickets and use them, it’s enough to install krb5−user and run kinit . We are going to use sssd with a trick so that it will fetch the user information from the local system files, instead of a remote source which is the common case. To install the packages enter the following in a terminal prompt: sudo apt i n s t a l l krb5−u s e r s s s d −krb5 You will be prompted for the addresses of your KDCs and admin servers. If you have been following this chapter so far, the KDCs will be: kdc01.example.com kdc02.example.com (space separated) And the admin server will be: kdc01.example.com. Remember that kdc02 is a read-only copy of the primary KDC, so it doesn’t run an admin server. Download 1.27 Mb. Do'stlaringiz bilan baham: 
|