Kerberos: Difference between revisions
No edit summary |
No edit summary |
||
| (2 intermediate revisions by the same user not shown) | |||
| Line 3: | Line 3: | ||
{{File|/etc/krb5.conf| | {{File|/etc/krb5.conf| | ||
<pre> | <pre> | ||
[ | [libdefaults] | ||
ticket_lifetime = 600 | |||
default_realm = YOURDOMAIN.LOCAL | |||
[realms] | |||
YOURDOMAIN.LOCAL = { | |||
kdc = domaincontroller.yourdomain.local:88 | |||
admin_server = domaincontroller.yourdomain.local:464 | |||
} | |||
[domain_realm] | |||
.yourdomain.local = YOURDOMAIN.LOCAL | |||
[kdc] | |||
profile = /etc/krb5kdc/kdc.conf | |||
[logging] | |||
default = SYSLOG:NOTICE:DAEMON | |||
kdc = FILE:/var/log/krb5kdc.log | |||
admin_server = FILE:/var/log/kadmin.log | |||
default = FILE:/var/log/krb5lib.log | |||
</pre> | </pre> | ||
}} | }} | ||
== Testing == | == Testing == | ||
Query DNS for Kerberos servers. | |||
{{Root|host -t srv _kerberos._tcp.yourdomain.local}} | |||
Get Kerberos ticket for domainuser. | |||
{{Root|kinit domainuser@YOURDOMAIN.LOCAL}} | {{Root|kinit domainuser@YOURDOMAIN.LOCAL}} | ||
List cached Kerberos tickets. | |||
{{Root|klist}} | |||
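Review bot: The Testing commands are wrapped in the `{{Root|…}}` template, so `kinit domainuser@YOURDOMAIN.LOCAL` and `klist` are shown being run as root, which neither command needs; the ticket then sits in root's credential cache rather than the user's. If the wiki has an unprivileged-prompt counterpart to `{{Root}}` (none is visible here), use it for these lines, or add a sentence such as `Run kinit and klist as the user who will use the ticket; root is not required.` Which of the single-column lines are additions cannot be told from this rendering, so the point applies to the section as it stands in the latest revision.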
Latest revision as of 09:29, 18 March 2020
The configuration is the same for Heimdal and mit-krb5.
File: /etc/krb5.conf
# /etc/krb5.conf - Kerberos settings for the realm YOURDOMAIN.LOCAL.
# YOURDOMAIN.LOCAL and domaincontroller.yourdomain.local are placeholders;
# substitute your own realm name and KDC host name.
[libdefaults]
# MIT krb5 reads a bare number as seconds, so this requests 10-minute tickets.
# NOTE(review): confirm 600 seconds is intended and how Heimdal reads the value.
ticket_lifetime = 600
# Realm assumed when a principal is given without an @REALM suffix.
default_realm = YOURDOMAIN.LOCAL
# No encryption types are set here, so the library defaults apply; in MIT krb5
# allow_weak_crypto defaults to false and should stay that way.
[realms]
# The KDC is named by host name, so resolution of that name must be trustworthy.
# Kerberos also needs the client and KDC clocks in sync (tolerance is commonly
# 5 minutes by default).
# NOTE(review): 464 is the kpasswd (password change) port, while kadmin normally
# uses 749 - confirm admin_server is only meant for password changes here.
YOURDOMAIN.LOCAL = {
kdc = domaincontroller.yourdomain.local:88
admin_server = domaincontroller.yourdomain.local:464
}
[domain_realm]
# The leading dot maps hosts within yourdomain.local to realm YOURDOMAIN.LOCAL.
.yourdomain.local = YOURDOMAIN.LOCAL
# NOTE(review): [kdc] points at the KDC daemon's own configuration file;
# presumably only relevant on a host that runs a KDC - verify a client needs it.
[kdc]
profile = /etc/krb5kdc/kdc.conf
[logging]
# NOTE(review): "default" appears twice in this section (syslog and a file).
# MIT krb5 documents several destinations per entity; verify that the library
# in use keeps both values rather than only one of them.
default = SYSLOG:NOTICE:DAEMON
# TODO confirm the log files below are writable only by the daemon and root.
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmin.log
default = FILE:/var/log/krb5lib.log
Testing
Query DNS for Kerberos servers.
# host -t srv _kerberos._tcp.yourdomain.local
Get Kerberos ticket for domainuser.
# kinit domainuser@YOURDOMAIN.LOCAL
List cached Kerberos tickets.
# klist