I. Installing and configuring Kerberos on RedHat/CentOS
NTP (Network Time Protocol) must be installed on both the Kerberos server and the clients first, so that server and client clocks stay synchronized.
1 Kerberos server side
1.1. Install and start ntp
# sudo yum install ntp
# sudo service ntpd start
1.2. Install the Kerberos server:
# yum install krb5-server krb5-libs krb5-auth-dialog
Optional: install the Kerberos client:
# yum install krb5-workstation
1.3 Edit /etc/krb5.conf and /var/kerberos/krb5kdc/kdc.conf
# sudo vi /etc/krb5.conf
Replace EXAMPLE.COM with your domain name.
Replace kerberos.example.com with the host name of your KDC server.
# sudo vi /var/kerberos/krb5kdc/kdc.conf
Replace EXAMPLE.COM with your domain name.
1.4. Create the database using the kdb5_util utility.
# sudo /usr/sbin/kdb5_util create -s
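1.5. Edit the /var/kerberos/krb5kdc/kadm5.acl file
# sudo vi /var/kerberos/krb5kdc/kadm5.acl
For example, change "*/admin@EXAMPLE.COM *" to "*/admin@MYCOMPANY.COM *". The trailing * grants every kadmin privilege to any principal with the /admin instance.
1.6. Use kadmin.local to add admin users:
# kadmin.local
kadmin.local:  addprinc steve/admin
kadmin.local:  addprinc tony/admin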
1.7. Start Kerberos:
# /sbin/service krb5kdc start
# /sbin/service kadmin start
1.8. Now you can use kadmin to manage principals, for example to list them:
# kadmin -p steve/admin -q "listprincs"
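The realm edits from steps 1.3 and 1.5, scripted as an added example (not part of the original guide), including the lower-case DNS domain entries that a search for EXAMPLE.COM alone misses. The realm MYCOMPANY.COM follows step 1.5; the host name kdc1.mycompany.com, the function names and the file contents are assumptions, with the files constructed as small samples of the stock templates.

```shell
#!/bin/sh
# Added example, not from the original page. REALM and KDC_HOST are assumed
# values; the file contents are constructed samples of the EXAMPLE.COM templates.
REALM="MYCOMPANY.COM"            # assumed realm (upper case by convention)
KDC_HOST="kdc1.mycompany.com"    # assumed KDC host name

# make_samples DIR: write constructed copies of the three files into DIR.
make_samples() {
    cat > "$1/krb5.conf" <<'EOF'
[libdefaults]
 default_realm = EXAMPLE.COM
[realms]
 EXAMPLE.COM = {
  kdc = kerberos.example.com
  admin_server = kerberos.example.com
 }
[domain_realm]
 .example.com = EXAMPLE.COM
 example.com = EXAMPLE.COM
EOF
    printf '[realms]\n EXAMPLE.COM = {\n  acl_file = /var/kerberos/krb5kdc/kadm5.acl\n }\n' > "$1/kdc.conf"
    printf '*/admin@EXAMPLE.COM *\n' > "$1/kadm5.acl"
}

# rewrite_realm FILE REALM KDC_HOST: replace template realm, KDC host and DNS domain.
rewrite_realm() {
    domain=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    # Replace the full KDC host name first, then the realm, then the bare domain.
    sed -e "s/kerberos\.example\.com/$3/g" \
        -e "s/EXAMPLE\.COM/$2/g" \
        -e "s/example\.com/$domain/g" "$1" > "$1.new" && mv "$1.new" "$1"
}

# leftover_count DIR: lines that still mention the template realm or domain.
leftover_count() {
    cat "$1"/krb5.conf "$1"/kdc.conf "$1"/kadm5.acl | grep -ci 'example\.com' || true
}

# Run against a scratch directory; review the result before touching /etc.
work=$(mktemp -d)
make_samples "$work"
for f in krb5.conf kdc.conf kadm5.acl; do
    rewrite_realm "$work/$f" "$REALM" "$KDC_HOST"
done
echo "lines still referencing the template realm: $(leftover_count "$work")"
cat "$work/krb5.conf"
```

A non-zero leftover count after editing the real files means a client or the KDC is still configured for the template realm.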