User Tools
аутентификация_с_использованием_kerberos_сервера
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
аутентификация_с_использованием_kerberos_сервера [2010/09/29 10:26] val |
аутентификация_с_использованием_kerberos_сервера [2010/09/30 15:13] val removed |
||
|---|---|---|---|
| Line 6: | Line 6: | ||
| ===== Предварительная настройка стенда ===== | ===== Предварительная настройка стенда ===== | ||
| - | <code> | ||
| - | # cat /etc/hosts | ||
| - | ... | ||
| - | #192.168.X.1 gate.corpX.un gate | ||
| - | #192.168.X.10 server.corpX.un server | ||
| - | ... | ||
| - | </code> | ||
| - | ===== Настройка DNS сервера ===== | + | ==== Настройка DNS сервера ==== |
| - | ==== Инсталяция и настройка сервиса ==== | + | [[Сервис DNS]] |
| === FreeBSD === | === FreeBSD === | ||
| Line 126: | Line 119: | ||
| gate# cat /etc/resolv.conf | gate# cat /etc/resolv.conf | ||
| + | domain corpX.un | ||
| + | nameserver 192.168.X.10 | ||
| + | |||
| + | client1# cat /etc/resolv.conf | ||
| domain corpX.un | domain corpX.un | ||
| nameserver 192.168.X.10 | nameserver 192.168.X.10 | ||
| </code> | </code> | ||
| - | ==== Проверки (на gate и server) ==== | + | ==== Проверки (на gate client1 и server) ==== |
| <code> | <code> | ||
| # host ya.ru | # host ya.ru | ||
| Line 161: | Line 158: | ||
| ===== Настройка KDC сервера ===== | ===== Настройка KDC сервера ===== | ||
| - | ==== FreeBSD ==== | + | ==== FreeBSD Heimdal ==== |
| <code> | <code> | ||
| [server:~] # cat /etc/rc.conf | [server:~] # cat /etc/rc.conf | ||
| Line 169: | Line 166: | ||
| </code> | </code> | ||
| - | ==== Ubuntu (8.04) ==== | + | ==== FreeBSD MIT ==== |
| + | <code> | ||
| + | [server:~] # pkg_add -r krb5-18 | ||
| + | |||
| + | [server:~] # mkdir -p /usr/local/var/krb5kdc/ | ||
| + | |||
| + | [server:~] # kdb5_util create -s | ||
| + | |||
| + | [server:~] # /usr/local/sbin/krb5kdc | ||
| + | |||
| + | [server:~] # kadmin.local | ||
| + | </code> | ||
| + | |||
| + | ==== Ubuntu Heimdal (8.04) ==== | ||
| <code> | <code> | ||
| root@server:~# apt-get install heimdal-kdc | root@server:~# apt-get install heimdal-kdc | ||
| Line 176: | Line 186: | ||
| </code> | </code> | ||
| - | ==== Ubuntu (10.04) ==== | + | ==== Ubuntu MIT (10.04) ==== |
| !!! В виртуальной машине krb5_newrealm может зависать | !!! В виртуальной машине krb5_newrealm может зависать | ||
| Line 210: | Line 220: | ||
| </code> | </code> | ||
| - | ==== Регистрация принципалов пользователей в базе данных kerberos ==== | + | ===== Регистрация принципалов пользователей в базе данных kerberos ===== |
| - | === FreeBSD, Ubuntu (8.04) === | + | ==== FreeBSD, Ubuntu (8.04) ==== |
| <code> | <code> | ||
| # kadmin -l | # kadmin -l | ||
| Line 228: | Line 238: | ||
| </code> | </code> | ||
| - | === Ubuntu (10.04) === | + | ==== Ubuntu (10.04) ==== |
| <code> | <code> | ||
| root@server:~# kadmin.local | root@server:~# kadmin.local | ||
| Line 261: | Line 271: | ||
| </code> | </code> | ||
| - | ===== Настройка Kerberos клиента (на gate и client1) ===== | + | ====== Настройка Kerberos клиента (на gate и client1) ====== |
| - | ==== Инсталляция клиента ==== | + | ===== Инсталляция и настройка клиента ===== |
| - | === Ubuntu (8.04) === | + | ==== Ubuntu (8.04) ==== |
| <code> | <code> | ||
| root@gate:~# apt-get install heimdal-clients | root@gate:~# apt-get install heimdal-clients | ||
| + | |||
| + | root@client1:~# apt-get install heimdal-clients | ||
| </code> | </code> | ||
| Line 273: | Line 285: | ||
| <code> | <code> | ||
| root@gate:~# apt-get install krb5-user | root@gate:~# apt-get install krb5-user | ||
| + | |||
| + | root@client1:~# apt-get install krb5-user | ||
| </code> | </code> | ||
| Line 280: | Line 294: | ||
| [libdefaults] | [libdefaults] | ||
| default_realm = CORPX.UN | default_realm = CORPX.UN | ||
| + | |||
| + | |||
| + | client1# cat /etc/krb5.conf | ||
| + | [libdefaults] | ||
| + | default_realm = CORPX.UN | ||
| </code> | </code> | ||
| Line 291: | Line 310: | ||
| gate# klist | gate# klist | ||
| gate# kdestroy | gate# kdestroy | ||
| + | |||
| + | client1# kinit user1 | ||
| + | client1# klist | ||
| + | client1# kdestroy | ||
| </code> | </code> | ||
| Line 331: | Line 354: | ||
| kadmin.local: ktadd -k gatehost.keytab host/gate.corpX.un | kadmin.local: ktadd -k gatehost.keytab host/gate.corpX.un | ||
| ... | ... | ||
| - | ... | + | |
| - | ... | + | |
| kadmin.local: quit | kadmin.local: quit | ||
| </code> | </code> | ||
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
