suse12 sp3安装kerberos

1、安装krb5的包

zypper install krb5 krb5-server krb5-client krb5-plugin-kdb-ldap

2、修改/etc/krb5.conf配置

[root@master fayson_r]# vim /etc/krb5.conf

[logging]

default = FILE:/var/log/krb5libs.log

kdc = FILE:/var/log/krb5kdc.log

admin_server = FILE:/var/log/kadmind.log



[libdefaults]

default_realm = HERO.COM

dns_lookup_realm = false

dns_lookup_kdc = false

ticket_lifetime = 24h

renew_lifetime = 7d

forwardable = true



[realms]

HERO.COM = {

kdc = master.HERO.COM

admin_server = master.HERO.COM

}



[domain_realm]

.master.HERO.COM = HERO.COM

master.HERO.COM = HERO.COM

3、修改/var/lib/kerberos/krb5kdc/kadm5.acl配置(注意centos与suse位置不同)

[root@master~]# vim /var/lib/kerberos/krb5kdc/kadm5.acl

# 该条目把全部管理权限(*)授予所有实例为 admin 的主体,生产环境应按最小权限收紧
*/admin@HERO.COM *

4、修改/var/lib/kerberos/krb5kdc/kdc.conf配置(标红的地方修改)

HERO.COM = {

database_name = /var/lib/kerberos/krb5kdc/principal

admin_keytab = FILE:/var/lib/kerberos/krb5kdc/kadm5.keytab

acl_file = /var/lib/kerberos/krb5kdc/kadm5.acl

dict_file = /var/lib/kerberos/krb5kdc/kadm5.dict

# 注意:文件名中的 KUDUTEST.COM 与本文的 realm(HERO.COM)不一致;stash 文件保存数据库主密钥,文件名通常与 realm 对应(.k5.<REALM>)
key_stash_file = /var/lib/kerberos/krb5kdc/.k5.KUDUTEST.COM

kdc_ports = 750,88

max_life = 10h 0m 0s

max_renewable_life = 7d 0h 0m 0s

# 注意:des-*(单DES)、des3-hmac-sha1 和 arcfour-hmac(RC4)均为已弃用的弱加密类型,生产环境建议只保留 aes256-cts 和 aes128-cts
supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal

}



[logging]

kdc = FILE:/var/log/krb5/krb5kdc.log

admin_server = FILE:/var/log/krb5/kadmind.log

5、创建Kerberos数据库

[root@master ~]# kdb5_util create -r HERO.COM -s

Loading random data

Initializing database '/var/kerberos/krb5kdc/principal' for realm 'HERO.COM',

master key name 'K/M@HERO.COM'

You will be prompted for the database Master Password.

It is important that you NOT FORGET this password.

Enter KDC database master key:

Re-enter KDC database master key to verify:

6、创建Kerberos的管理账号

[root@master ~]# kadmin.local

Authenticating as principal fayson/admin@HERO.COM with password.

kadmin.local: addprinc admin/admin@HERO.COM

WARNING: no policy specified for admin/admin@HERO.COM; defaulting to no policy

Enter password for principal "admin/admin@HERO.COM":

Re-enter password for principal "admin/admin@HERO.COM":

Principal "admin/admin@HERO.COM" created.

kadmin.local: exit

7、将Kerberos服务添加到自启动服务,并启动krb5kdc

[root@master~]# chkconfig krb5kdc on

[root@master ~]# service krb5kdc start

8、测试Kerberos的管理员账号

[root@master ~]# kinit admin/admin@HERO.COM

Password for admin/admin@HERO.COM:

[root@master ~]# klist

Ticket cache: FILE:/tmp/krb5cc_0

Default principal: admin/admin@HERO.COM



Valid starting Expires Service principal

09/05/17 16:39:17 09/06/17 16:39:17 krbtgt/HERO.COM@HERO.COM

renew until 09/12/17 16:39:17

 
