
Saturday, 28 September 2019

EX300 - kerberize a system

0. required package

yum install krb5-workstation
yum install pam_krb5

1. /etc/krb5.keytab

kadmin is not in the scope of EX300. All systems should already be joined to the KDC before the exam (please check /etc/krb5.conf).

To kerberize a system is actually to record the system's ID and password pair in the KDC database.
What krb5.keytab contains is a copy of that recorded ID/password pair.

What needs to be done is to download the key file and save it as /etc/krb5.keytab.

After this step, we can only use "kinit" to get a TGT. In order to make the Linux login system call krb5 automatically, we have to do step 2.

2. Enable krb5 authentication

# the following command will change /etc/pam
authconfig --enablekrb5 --update

If you cannot remember the command clearly, run "man authconfig | grep krb5".

3. Test

  • You cannot test the Kerberos authentication by running "su - user01" as root, because any command run by root bypasses authentication.
  • You have to open a new login session to log in as a Kerberos user. After logging in to the system, run "klist" to check the TGT obtained from the KDC.
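The four steps above as one script, added here as an example (it is not part of the original post). It assumes the keytab is served from a URL you pass in (KEYTAB_URL is a placeholder), that authconfig writes the krb5 line into /etc/pam.d/system-auth, and that the check functions can be fed constructed files and constructed klist output, so the checks run without a KDC:

```shell
#!/bin/sh
# Kerberize a RHEL 7 system: install, fetch keytab, enable PAM krb5, verify.
# Assumptions: KEYTAB_URL is a placeholder for wherever the exam/lab serves
# the keytab; PAM file path is what authconfig writes on RHEL 7.

# Step 0: install the two packages the post lists, only when missing.
install_packages() {
    for pkg in krb5-workstation pam_krb5; do
        rpm -q "$pkg" >/dev/null 2>&1 || yum -y install "$pkg"
    done
}

# Step 1: download the keytab. It holds the host's long-term key (the
# recorded ID/password pair), so it must be readable by root only.
fetch_keytab() {
    url=$1
    dest=${2:-/etc/krb5.keytab}
    curl -fsS -o "$dest" "$url" && chown root:root "$dest" && chmod 0600 "$dest"
}

# Check a keytab file: present, non-empty, mode 0600 or 0400.
# Returns 0 when OK, otherwise prints the reason and returns 1.
check_keytab() {
    f=$1
    [ -s "$f" ] || { echo "missing or empty: $f"; return 1; }
    perms=$(ls -ld "$f" | cut -c1-10)
    case "$perms" in
        -rw-------|-r--------) return 0 ;;
        *) echo "$f has permissions $perms, want -rw-------"; return 1 ;;
    esac
}

# Confirm krb5.conf names a default realm (the join done before the exam).
check_realm() {
    grep -Eq '^[[:space:]]*default_realm[[:space:]]*=' "${1:-/etc/krb5.conf}"
}

# Step 2: let authconfig rewrite the PAM stack.
enable_krb5_pam() {
    authconfig --enablekrb5 --update
}

# Verify the PAM file now references pam_krb5.so.
check_pam_krb5() {
    grep -q 'pam_krb5\.so' "${1:-/etc/pam.d/system-auth}"
}

# Step 3: a TGT shows up in klist as a krbtgt/REALM@REALM service principal.
# Takes the klist output as a string so it can be checked from a captured
# session, not only a live one.
has_tgt() {
    printf '%s\n' "$1" | grep -q 'krbtgt/'
}

main() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root"; exit 1; }
    [ -n "${KEYTAB_URL:-}" ] || { echo "set KEYTAB_URL"; exit 1; }
    check_realm || { echo "/etc/krb5.conf has no default_realm"; exit 1; }
    install_packages
    fetch_keytab "$KEYTAB_URL" /etc/krb5.keytab
    check_keytab /etc/krb5.keytab || exit 1
    enable_krb5_pam
    check_pam_krb5 || exit 1
    echo "done: log in as a Kerberos user in a NEW session and run klist"
}

# Only act when invoked with "run"; sourcing the file just defines the functions.
case "${1:-}" in
    run) main ;;
esac
```

Usage: `KEYTAB_URL=http://classroom.example.com/pub/keytabs/server.keytab sh kerberize.sh run` (the URL is a placeholder). The final test still has to be a fresh login session as in the post, because `su` from root never exercises PAM's auth stack; `has_tgt` is there so you can check a pasted `klist` output the same way.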

