User Tools
аутентификация_с_использованием_kerberos_сервера
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
|
аутентификация_с_использованием_kerberos_сервера [2010/09/29 10:21] val |
аутентификация_с_использованием_kerberos_сервера [2010/09/29 10:50] val |
||
|---|---|---|---|
| Line 6: | Line 6: | ||
| ===== Предварительная настройка стенда ===== | ===== Предварительная настройка стенда ===== | ||
| - | <code> | ||
| - | # cat /etc/hosts | ||
| - | ... | ||
| - | #192.168.X.1 gate.corpX.un gate | ||
| - | #192.168.X.10 server.corpX.un server | ||
| - | ... | ||
| - | </code> | ||
| - | ===== Настройка DNS сервера ===== | + | ==== Настройка DNS сервера ==== |
| - | ==== Инсталяция и настройка сервиса ==== | + | [[Сервис DNS]] |
| === FreeBSD === | === FreeBSD === | ||
| Line 126: | Line 119: | ||
| gate# cat /etc/resolv.conf | gate# cat /etc/resolv.conf | ||
| + | domain corpX.un | ||
| + | nameserver 192.168.X.10 | ||
| + | |||
| + | client1# cat /etc/resolv.conf | ||
| domain corpX.un | domain corpX.un | ||
| nameserver 192.168.X.10 | nameserver 192.168.X.10 | ||
| </code> | </code> | ||
| - | ==== Проверки (на gate и server) ==== | + | ==== Проверки (на gate client1 и server) ==== |
| <code> | <code> | ||
| # host ya.ru | # host ya.ru | ||
| Line 210: | Line 207: | ||
| </code> | </code> | ||
| - | ==== Регистрация принципала пользователя в базе данных kerberos ==== | + | ===== Регистрация принципалов пользователей в базе данных kerberos ===== |
| - | === FreeBSD, Ubuntu (8.04) === | + | ==== FreeBSD, Ubuntu (8.04) ==== |
| <code> | <code> | ||
| # kadmin -l | # kadmin -l | ||
| Line 219: | Line 216: | ||
| user1@CORPX.UN's Password: kpassword1 | user1@CORPX.UN's Password: kpassword1 | ||
| Verifying - user@CORPX.UN's Password: kpassword1 | Verifying - user@CORPX.UN's Password: kpassword1 | ||
| + | ... | ||
| + | kadmin> add user2 | ||
| + | ... | ||
| kadmin> list * | kadmin> list * | ||
| Line 225: | Line 225: | ||
| </code> | </code> | ||
| - | === Ubuntu (10.04) === | + | ==== Ubuntu (10.04) ==== |
| <code> | <code> | ||
| root@server:~# kadmin.local | root@server:~# kadmin.local | ||
| Line 231: | Line 231: | ||
| kadmin.local: addprinc user1 | kadmin.local: addprinc user1 | ||
| ... | ... | ||
| - | Enter password for principal "user@CORPX.UN": kpassword1 | + | Enter password for principal "user1@CORPX.UN": kpassword1 |
| - | Re-enter password for principal "user@CORPX.UN": kpassword1 | + | Re-enter password for principal "user1@CORPX.UN": kpassword1 |
| + | ... | ||
| + | kadmin.local: addprinc user2 | ||
| + | ... | ||
| kadmin.local: listprincs | kadmin.local: listprincs | ||
| ... | ... | ||
| Line 256: | Line 258: | ||
| </code> | </code> | ||
| - | ===== Настройка Kerberos клиента (на gate и client1) ===== | + | ====== Настройка Kerberos клиента (на gate и client1) ====== |
| - | ==== Инсталляция клиента ==== | + | ===== Инсталляция и настройка клиента ===== |
| - | === Ubuntu (8.04) === | + | ==== Ubuntu (8.04) ==== |
| <code> | <code> | ||
| root@gate:~# apt-get install heimdal-clients | root@gate:~# apt-get install heimdal-clients | ||
| + | |||
| + | root@client1:~# apt-get install heimdal-clients | ||
| </code> | </code> | ||
| Line 268: | Line 272: | ||
| <code> | <code> | ||
| root@gate:~# apt-get install krb5-user | root@gate:~# apt-get install krb5-user | ||
| + | |||
| + | root@client1:~# apt-get install krb5-user | ||
| </code> | </code> | ||
| Line 275: | Line 281: | ||
| [libdefaults] | [libdefaults] | ||
| default_realm = CORPX.UN | default_realm = CORPX.UN | ||
| + | |||
| + | |||
| + | client1# cat /etc/krb5.conf | ||
| + | [libdefaults] | ||
| + | default_realm = CORPX.UN | ||
| </code> | </code> | ||
| Line 286: | Line 297: | ||
| gate# klist | gate# klist | ||
| gate# kdestroy | gate# kdestroy | ||
| + | |||
| + | client1# kinit user1 | ||
| + | client1# klist | ||
| + | client1# kdestroy | ||
| </code> | </code> | ||
| Line 326: | Line 341: | ||
| kadmin.local: ktadd -k gatehost.keytab host/gate.corpX.un | kadmin.local: ktadd -k gatehost.keytab host/gate.corpX.un | ||
| ... | ... | ||
| - | ... | + | |
| - | ... | + | |
| kadmin.local: quit | kadmin.local: quit | ||
| </code> | </code> | ||
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
