======MIT Implementation======

=====Enctypes=====

kdc logs use decimal value to refer encrypt types

//Extract from kr5b.conf//
<code>
/* per Kerberos v5 protocol spec */
#define ENCTYPE_NULL            0x0000
#define ENCTYPE_DES_CBC_CRC     0x0001  /* DES cbc mode with CRC-32 */
#define ENCTYPE_DES_CBC_MD4     0x0002  /* DES cbc mode with RSA-MD4 */
#define ENCTYPE_DES_CBC_MD5     0x0003  /* DES cbc mode with RSA-MD5 */
#define ENCTYPE_DES_CBC_RAW     0x0004  /* DES cbc mode raw */
/* XXX deprecated? */
#define ENCTYPE_DES3_CBC_SHA    0x0005  /* DES-3 cbc mode with NIST-SHA */
#define ENCTYPE_DES3_CBC_RAW    0x0006  /* DES-3 cbc mode raw */
#define ENCTYPE_DES_HMAC_SHA1   0x0008
#define ENCTYPE_DES3_CBC_SHA1   0x0010
#define ENCTYPE_AES128_CTS_HMAC_SHA1_96 0x0011
#define ENCTYPE_AES256_CTS_HMAC_SHA1_96 0x0012
#define ENCTYPE_ARCFOUR_HMAC    0x0017
#define ENCTYPE_ARCFOUR_HMAC_EXP 0x0018
#define ENCTYPE_UNKNOWN         0x01ff
/* local crud */
/* marc's DES-3 with 32-bit length */
#define ENCTYPE_LOCAL_DES3_HMAC_SHA1 0x7007
</code>

======Debian Installation======

=====Requirements=====

//Packages//
<code>
# apt-get install krb5-admin-server krb5-kdc
</code>

//Create the realm database and the stash file//
<code>
# kdb5_util create -r <realm> -s
</code>

//Initial ACL /etc/krb5kdc/kadm5.acl//
<code>
*/admin@DEBIAN-FR.ORG   *
</code>

This is the minimal ACL file you **MUST** have in order to login locally (with kadmin.local) and
add another principals.

//Create the kadmin principal//
<code>
# kadmin.local
Authenticating as principal root/admin@DEBIAN-FR.ORG with password.
kadmin.local:  addprinc asyd/admin@DEBIAN-FR.ORG
WARNING: no policy specified for asyd/admin@DEBIAN-FR.ORG; defaulting to no policy
Enter password for principal "asyd/admin@DEBIAN-FR.ORG": 
Re-enter password for principal "asyd/admin@DEBIAN-FR.ORG": 
Principal "asyd/admin@DEBIAN-FR.ORG" created.
</code>

//Create the minial keytab//
<code>
# kadmin.local
kadmin.local:  ktadd -k /etc/krb5kdc/kadm5.keytab kadmin/admin kadmin/changepw
Entry for principal kadmin/admin with kvno 3, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5kdc/kadm5.keytab.
Entry for principal kadmin/admin with kvno 3, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/etc/krb5kdc/kadm5.keytab.
Entry for principal kadmin/changepw with kvno 3, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5kdc/kadm5.keytab.
Entry for principal kadmin/changepw with kvno 3, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/etc/krb5kdc/kadm5.keytab.
</code>

//Check for stash file: If you don't have /etc/krb5kdc/stash, just simple run//
<code>
# kdb5_util stash -f /etc/krb5kdc/stash
</code>

//Optional: enable logging, add the following lines to /etc/krb5.conf//
<code>
[logging]
        kdc = FILE:/var/log/krb/kdc.log
        admin_server = FILE:/var/log/krb/admin.log
</code>