I’m trying to build up a Kerberos Server on a Debian computer but I’m kind of lost with all the configuration files. Can anyone tell me any good step by step tutorial of how to install and configure a kerberos Server? Or what’s the best distriburion where I can install Kerberos?
Advertisement
Answer
Debian’s packages try to do most of the configuration for you. There is a full transcript of a Kerberos KDC installation in the openafs-client package (as the first part of a full installation transcript of OpenAFS), but the basic steps are:
apt-get install krb5-admin-server- You will be asked to configure krb5-config. Here, you’ll be asked for your local realm name. Enter the realm that you’re setting up. (Normally, this should be in all caps and should be somehow based on your local domain, as if you were picking a hostname for your domain.)
- If prompted about a preauth strategy for Kerberos 4, pick nopreauth; you don’t care.
- When asked for the hostnames of the KDC in your realm, enter the hostname of the current system. You will need to use a fully-qualified domain name.
- Likewise, when asked for the administrative server, enter the current hostname.
- Run
krb5_newrealm. You’ll be prompted for a master key password. Enter a really good password and record it somewhere secure.
That’s all there is to it. You have a realm set up. To add principals to your realm, run kadmin.local. You’ll probably want to create a principal you use for administrative actions (<username>/admin is the convention), and then add it to /etc/krb5kdc/kadmin.acl with full access:
<username>/admin@<realm> *
where <username>/admin is the admin principal you chose and <realm> is the name of the realm you chose as above.