Kerberos: Difference between revisions
Jump to navigation
Jump to search
Created page with "Configuration is the same for heimdal or mit-krb5. {{File|/etc/krb5.conf| <pre> [libdefaults] ticket_lifetime = 600 default_realm = YOURDOMAIN.LOCAL [realms]..." |
No edit summary |
||
| (5 intermediate revisions by the same user not shown) | |||
| Line 26: | Line 26: | ||
</pre> | </pre> | ||
}} | }} | ||
== Testing == | |||
Query DNS for Kerberos servers. | |||
{{Root|host -t srv _kerberos._tcp.yourdomain.local}} | |||
Get Kerberos ticket for domainuser. | |||
{{Root|kinit domainuser@YOURDOMAIN.LOCAL}} | |||
List cached Kerberos tickets. | |||
{{Root|klist}} | |||
Latest revision as of 09:29, 18 March 2020
Configuration is the same for heimdal or mit-krb5.
File: /etc/krb5.conf
[libdefaults]
ticket_lifetime = 600
default_realm = YOURDOMAIN.LOCAL
[realms]
YOURDOMAIN.LOCAL = {
kdc = domaincontroller.yourdomain.local:88
admin_server = domaincontroller.yourdomain.local:464
}
[domain_realm]
.yourdomain.local = YOURDOMAIN.LOCAL
[kdc]
profile = /etc/krb5kdc/kdc.conf
[logging]
default = SYSLOG:NOTICE:DAEMON
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log
Testing
Query DNS for Kerberos servers.
# host -t srv _kerberos._tcp.yourdomain.local
Get Kerberos ticket for domainuser.
# kinit domainuser@YOURDOMAIN.LOCAL
List cached Kerberos tickets.
# klist