This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
настройка_kdc_серверов_и_клиентов [2015/02/11 15:31] val [Запуск] |
настройка_kdc_серверов_и_клиентов [2023/02/17 10:17] val [Подготовка сети] |
||
---|---|---|---|
Line 3: | Line 3: | ||
===== Подготовка сети ===== | ===== Подготовка сети ===== | ||
- | [[Финальная настройка DNS сервера]] | + | * [[Финальная настройка DNS сервера]] |
- | + | * [[Сервис DNS#Утилиты тестирования DNS]] | |
- | [[Сервис NTP]] | + | * [[Сервис NTP]] |
===== Настройка KDC ===== | ===== Настройка KDC ===== | ||
Line 11: | Line 11: | ||
==== Установка ==== | ==== Установка ==== | ||
- | === MIT Ubuntu/Debian === | + | === Debian/Ubuntu (MIT) === |
- | + | ||
- | <code> | + | |
- | root@server:~# apt-get install krb5-kdc krb5-admin-server | + | |
- | </code> | + | |
- | + | ||
- | === HEIMDAL FreeBSD === | + | |
- | <code> | + | |
- | [server:~] # cat /etc/rc.conf | + | |
- | ... | + | |
- | kerberos5_server_enable="YES" # FreeBSD8,9 | + | |
- | kdc_enable="YES" # FreeBSD10 | + | |
- | ... | + | |
- | </code> | + | |
- | === MIT CentOS/SL === | ||
<code> | <code> | ||
- | [root@server ~]# yum install krb5-server | + | root@server:~# apt install krb5-kdc krb5-admin-server |
</code> | </code> | ||
Line 41: | Line 27: | ||
</code> | </code> | ||
- | === MIT Ubuntu/Debian === | + | === Debian/Ubuntu (MIT) === |
- | + | ||
- | !!! В виртуальной машине krb5_newrealm может зависать. | + | |
- | + | ||
- | Может помочь, регистрация в консоли | + | |
- | + | ||
- | <code> | + | |
- | apt-get install gpm | + | |
- | </code> | + | |
- | + | ||
- | и хаотические движения курсором мыши | + | |
<code> | <code> | ||
Line 63: | Line 39: | ||
</code> | </code> | ||
- | === HEIMDAL FreeBSD === | ||
- | <code> | ||
- | server# kstash | ||
- | </code><code> | ||
- | Master key: sdfsd787sg8df7gsd | ||
- | </code><code> | ||
- | server# kadmin -l | ||
- | </code><code> | ||
- | kadmin> init CORPX.UN | ||
- | Realm max ticket life [unlimited]: | ||
- | Realm max renewable ticket life [unlimited]: | ||
- | kadmin> quit | ||
- | </code> | ||
- | === MIT CentOS/SL === | + | |
- | <code> | + | |
- | [root@server ~]# /usr/kerberos/sbin/kdb5_util create -s | + | |
- | </code> | + | |
==== Запуск ==== | ==== Запуск ==== | ||
- | === FreeBSD === | + | === Ubuntu/Debian === |
<code> | <code> | ||
- | [server:~] # /etc/rc.d/kerberos start | + | root@server:~# service krb5-kdc restart |
</code> | </code> | ||
- | === FreeBSD10 === | + | ==== Отладка ==== |
- | <code> | + | |
- | [server:~] # service kdc start | + | |
- | </code> | + | |
- | === Ubuntu/Debian === | + | === Debian/Ubuntu === |
<code> | <code> | ||
- | root@server:~# /etc/init.d/krb5-kdc restart | + | server# tail -f /var/log/auth.log |
</code> | </code> | ||
- | |||
===== Настройка Kerberos клиента ===== | ===== Настройка Kerberos клиента ===== | ||
==== Инсталляция ==== | ==== Инсталляция ==== | ||
- | === Ubuntu/Debian === | + | === Debian/Ubuntu === |
<code> | <code> | ||
- | # apt-get install krb5-user | + | # apt install krb5-user |
</code> | </code> | ||
Line 124: | Line 80: | ||
</code> | </code> | ||
- | ===== Дополнительные материалы ===== | + | ===== FreeBSD (Heimdal) ===== |
- | ==== MIT FreeBSD ==== | ||
<code> | <code> | ||
- | [server:~] # pkg_add -r krb5-18 | + | [server:~] # cat /etc/rc.conf |
+ | </code><code> | ||
+ | ... | ||
+ | kdc_enable="YES" # FreeBSD10 | ||
+ | ... | ||
+ | </code> | ||
- | [server:~] # mkdir -p /usr/local/var/krb5kdc/ | + | <code> |
+ | server# kstash | ||
+ | </code><code> | ||
+ | Master key: sdfsd787sg8df7gsd | ||
+ | </code><code> | ||
+ | server# kadmin -l | ||
+ | </code><code> | ||
+ | kadmin> init CORPX.UN | ||
+ | Realm max ticket life [unlimited]: | ||
+ | Realm max renewable ticket life [unlimited]: | ||
+ | kadmin> quit | ||
+ | </code> | ||
+ | <code> | ||
+ | [server:~] # service kdc start | ||
+ | </code> | ||
- | [server:~] # kdb5_util create -s | + | <code> |
- | + | server# tail -f /var/heimdal/kdc.log | |
- | [server:~] # cat /etc/rc.local | + | |
- | /usr/local/sbin/krb5kdc | + | |
- | + | ||
- | [server:~] # kadmin.local | + | |
</code> | </code> |