Konfigurasi Kerberos V5
1. Instal paket krb5-libs, krb5-server, dan krb5-workstation
2. Edit /etc/krb5.conf dan /var/kerberos/krb5kdc/kdc.conf untuk mencerminkan nama ranah dan domain Anda ke pemetaan ranah. Realm sederhana dapat dibangun dengan mengganti instance EXAMPLE.COM dan example.com dengan nama domain Anda (pastikan Anda menyimpan kasus yang sama), dan dengan mengubah kerberos.example.com menjadi hostname server yang sepenuhnya memenuhi syarat.
Misalnya:
# cat /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = UK.ORACLE.COM
[realms]
UK.ORACLE.COM = {
kdc = ukp9174.uk.oracle.com:88
admin_server = ukp9174.uk.oracle.com:749
default_domain = uk.oracle.com
}
[domain_realm]
.uk.oracle.com = UK.ORACLE.COM
uk.oracle.com = UK.ORACLE.COM
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[pam]
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false # cat /var/kerberos/krb5kdc/kdc.conf
[kdcdefaults]
kdc_ports = 88
acl_file = /var/kerberos/krb5kdc/kadm5.acl
dict_file = /usr/dict/words
admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
[realms]
UK.ORACLE.COM = {
master_key_type = des-cbc-crc
database_name = /var/kerberos/krb5kdc/principal
admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
supported_enctypes = des-cbc-crc:normal des3-cbc-raw:normal des3-cbc-sha1:norm
al des-cbc-crc:v4 des-cbc-crc:afs3
kadmind_port = 749
acl_file = /var/kerberos/krb5kdc/kadm5.acl
dict_file = /usr/dict/words
} 3. Edit /var/kerberos/krb5kdc/kadm5.acl untuk menentukan prinsipal mana yang memiliki akses ke database kerberos
# vi /var/kerberos/krb5kdc/kadm5.acl */[email protected] *
4. Buat database kerberos menggunakan perintah kdb5_util:
# kdb5_util create -s Initializing database '/var/kerberos/krb5kdc/principal' for realm 'UK.ORACLE.COM', master key name 'K/[email protected]' You will be prompted for the database Master Password. It is important that you NOT FORGET this password. Enter KDC database master key: admin Re-enter KDC database master key to verify: admin
5. Mulai layanan Kerberos:
# service krb5kdc start Starting Kerberos 5 KDC: [ OK ]
# service kadmin start Extracting kadm5 Service Keys Authenticating as principal root/[email protected] with password. Entry for principal kadmin/admin with kvno 3, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab. Entry for principal kadmin/admin with kvno 3, encryption type Triple DES cbc mode raw added to keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab. Entry for principal kadmin/changepw with kvno 3, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab. Entry for principal kadmin/changepw with kvno 3, encryption type Triple DES cbc mode raw added to keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab. [ OK ] Starting Kerberos 5 Admin Server [ OK ]
# service krb524 start Starting Kerberos 5-to-4 Server: [ OK ]
6. Tambahkan prinsipal Kerberos:
# kadmin.local Authenticating as principal root/[email protected] with password. > kadmin.local: addprinc host/ukp9174.uk.oracle.com WARNING: no policy specified for host/[email protected]; defaulting to no policy Enter password for principal "host/[email protected]": admin Re-enter password for principal "host/[email protected]": admin Principal "host/[email protected]" created.Perhatikan host adalah kata "host" bukan nama host server dan ukp9174.uk.Oracle.com adalah nama host server yang sepenuhnya memenuhi syarat.
> kadmin.local: addprinc root WARNING: no policy specified for [email protected]; defaulting to no policy Enter password for principal "[email protected]": admin Re-enter password for principal "[email protected]": admin Principal "[email protected]" created.
7. Tambahkan host ke tab kunci:
# kadmin.local: ktadd -k /etc/krb5.keytab host/ukp9174.uk.oracle.com Entry for principal host/ukp9174.uk.oracle.com with kvno 2, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/etc/krb5.keytab. Entry for principal host/ukp9174.uk.oracle.com with kvno 2, encryption type Triple DES cbc mode raw added to keytab WRFILE:/etc/krb5.keytab. > kadmin.local: exit
8. Tes Anda bisa mendapatkan tiket:
# kinit Password for [email protected]: admin
9. Buktikan kamu punya tiket:
# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: [email protected] Valid starting Expires Service principal 01/02/01 11:14:15 01/02/01 21:14:15 krbtgt/[email protected] Kerberos 4 ticket cache: /tmp/tkt0
Setelah ini berfungsi, Anda telah menyiapkannya dengan benar.
Cara mengaktifkan Hashing md5 di Linux
–force V/s –nodeps :opsi perintah rpm untuk menginstal atau menghapus paket