Kerberos: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
| (4 intermediate revisions by the same user not shown) | |||
| Line 9: | Line 9: | ||
[realms] | [realms] | ||
YOURDOMAIN.LOCAL = { | YOURDOMAIN.LOCAL = { | ||
kdc = domaincontroller.yourdomain.local:88 | |||
admin_server = domaincontroller.yourdomain.local:464 | |||
} | } | ||
| Line 16: | Line 16: | ||
.yourdomain.local = YOURDOMAIN.LOCAL | .yourdomain.local = YOURDOMAIN.LOCAL | ||
[kdc] | |||
profile = /etc/krb5kdc/kdc.conf | |||
[logging] | |||
default = SYSLOG:NOTICE:DAEMON | |||
kdc = FILE:/var/log/krb5kdc.log | |||
admin_server = FILE:/var/log/kadmin.log | |||
default = FILE:/var/log/krb5lib.log | |||
</pre> | </pre> | ||
}} | }} | ||
== Testing == | |||
Query DNS for Kerberos servers. | |||
{{Root|host -t srv _kerberos._tcp.yourdomain.local}} | |||
Get Kerberos ticket for domainuser. | |||
{{Root|kinit domainuser@YOURDOMAIN.LOCAL}} | |||
List cached Kerberos tickets. | |||
{{Root|klist}} | |||
Latest revision as of 09:29, 18 March 2020
Configuration is the same for heimdal or mit-krb5.
File: /etc/krb5.conf
[libdefaults]
ticket_lifetime = 600
default_realm = YOURDOMAIN.LOCAL
[realms]
YOURDOMAIN.LOCAL = {
kdc = domaincontroller.yourdomain.local:88
admin_server = domaincontroller.yourdomain.local:464
}
[domain_realm]
.yourdomain.local = YOURDOMAIN.LOCAL
[kdc]
profile = /etc/krb5kdc/kdc.conf
[logging]
default = SYSLOG:NOTICE:DAEMON
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log
Testing
Query DNS for Kerberos servers.
# host -t srv _kerberos._tcp.yourdomain.local
Get Kerberos ticket for domainuser.
# kinit domainuser@YOURDOMAIN.LOCAL
List cached Kerberos tickets.
# klist