Home Contact Download

asyd.net

Welcome to Bruno Bonfils's (aka asyd homepage).
Trace: » kerberos

Differences

This shows you the differences between the selected revision and the current version of the page.

docs:security:kerberos 2005/10/23 15:21 docs:security:kerberos 2008/10/03 08:25 current
Line 1: Line 1:
 +======MIT Implementation======
 +
 +=====Enctypes=====
 +
 +kdc logs use decimal value to refer encrypt types
 +
 +//Extract from kr5b.conf//
 +<code>
 +/* per Kerberos v5 protocol spec */
 +#define ENCTYPE_NULL            0x0000
 +#define ENCTYPE_DES_CBC_CRC    0x0001  /* DES cbc mode with CRC-32 */
 +#define ENCTYPE_DES_CBC_MD4    0x0002  /* DES cbc mode with RSA-MD4 */
 +#define ENCTYPE_DES_CBC_MD5    0x0003  /* DES cbc mode with RSA-MD5 */
 +#define ENCTYPE_DES_CBC_RAW    0x0004  /* DES cbc mode raw */
 +/* XXX deprecated? */
 +#define ENCTYPE_DES3_CBC_SHA    0x0005  /* DES-3 cbc mode with NIST-SHA */
 +#define ENCTYPE_DES3_CBC_RAW    0x0006  /* DES-3 cbc mode raw */
 +#define ENCTYPE_DES_HMAC_SHA1  0x0008
 +#define ENCTYPE_DES3_CBC_SHA1  0x0010
 +#define ENCTYPE_AES128_CTS_HMAC_SHA1_96 0x0011
 +#define ENCTYPE_AES256_CTS_HMAC_SHA1_96 0x0012
 +#define ENCTYPE_ARCFOUR_HMAC    0x0017
 +#define ENCTYPE_ARCFOUR_HMAC_EXP 0x0018
 +#define ENCTYPE_UNKNOWN        0x01ff
 +/* local crud */
 +/* marc's DES-3 with 32-bit length */
 +#define ENCTYPE_LOCAL_DES3_HMAC_SHA1 0x7007
 +</code>
 +
======Debian Installation====== ======Debian Installation======
Line 32: Line 61:
</code> </code>
 +//Create the minial keytab//
 +<code>
 +# kadmin.local
 +kadmin.local:  ktadd -k /etc/krb5kdc/kadm5.keytab kadmin/admin kadmin/changepw
 +Entry for principal kadmin/admin with kvno 3, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5kdc/kadm5.keytab.
 +Entry for principal kadmin/admin with kvno 3, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/etc/krb5kdc/kadm5.keytab.
 +Entry for principal kadmin/changepw with kvno 3, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5kdc/kadm5.keytab.
 +Entry for principal kadmin/changepw with kvno 3, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/etc/krb5kdc/kadm5.keytab.
 +</code>
 +//Check for stash file: If you don't have /etc/krb5kdc/stash, just simple run//
 +<code>
 +# kdb5_util stash -f /etc/krb5kdc/stash
 +</code>
 +
 +//Optional: enable logging, add the following lines to /etc/krb5.conf//
 +<code>
 +[logging]
 +        kdc = FILE:/var/log/krb/kdc.log
 +        admin_server = FILE:/var/log/krb/admin.log
 +</code>