Kerberos
The same configuration works with both Heimdal and MIT krb5.
File: /etc/krb5.conf
# Kerberos client configuration. YOURDOMAIN.LOCAL and
# domaincontroller.yourdomain.local are placeholders for the site's own realm
# and KDC host.
[libdefaults]
# Requested ticket lifetime. MIT krb5 reads a bare number as seconds, so 600
# is 10 minutes. NOTE(review): confirm that such a short lifetime is intended
# and that Heimdal applies the same unit.
ticket_lifetime = 600
# Realm assumed when a principal is given without one.
default_realm = YOURDOMAIN.LOCAL
# Servers for the realm. 88 is the standard Kerberos port; 464 is the
# password-change (kpasswd) port, whereas kadmin conventionally listens on 749.
# NOTE(review): pointing admin_server at port 464 looks aimed at an Active
# Directory domain controller - confirm for the KDC in use.
[realms]
YOURDOMAIN.LOCAL = {
kdc = domaincontroller.yourdomain.local:88
admin_server = domaincontroller.yourdomain.local:464
}
# Host-name-to-realm mapping. The leading dot matches hosts below
# yourdomain.local; a host named exactly yourdomain.local would need its own
# entry without the dot.
[domain_realm]
.yourdomain.local = YOURDOMAIN.LOCAL
# Path to the KDC's own configuration file.
# NOTE(review): presumably only meaningful on a host that runs a KDC; a pure
# client should not need this section - confirm before copying it.
[kdc]
profile = /etc/krb5kdc/kdc.conf
# Log destinations. kdc and admin_server name the log files of the KDC and
# kadmin daemons; default covers everything not listed separately.
# default is set twice (syslog and a file). NOTE(review): MIT krb5 accepts
# several values per logging entry; verify that the parser in use logs to both
# destinations rather than keeping only one of them.
# These logs presumably record principal names and client addresses, so keep
# the files writable only by the daemons and readable only by administrators.
[logging]
default = SYSLOG:NOTICE:DAEMON
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log
Testing
Query DNS for the realm's Kerberos SRV records (KDCs reachable over TCP).
# host -t srv _kerberos._tcp.yourdomain.local
Get a Kerberos ticket for domainuser (kinit prompts for the password; it does not need to be run as root).
# kinit domainuser@YOURDOMAIN.LOCAL
List the cached Kerberos tickets to confirm that a ticket for YOURDOMAIN.LOCAL was issued.
# klist