
asyd.net

Welcome to Bruno Bonfils's (aka asyd) homepage.

This is an old revision of the document!


Debian Installation

Requirements

Packages

# apt-get install krb5-admin-server krb5-kdc

Create the realm database and the stash file

# kdb5_util create -r <realm> -s

Initial ACL /etc/krb5kdc/kadm5.acl

*/admin@DEBIAN-FR.ORG   *

This is the minimal ACL file you MUST have in order to log in locally (with kadmin.local) and add other principals.

Create the kadmin principal

# kadmin.local
Authenticating as principal root/admin@DEBIAN-FR.ORG with password.
kadmin.local:  addprinc asyd/admin@DEBIAN-FR.ORG
WARNING: no policy specified for asyd/admin@DEBIAN-FR.ORG; defaulting to no policy
Enter password for principal "asyd/admin@DEBIAN-FR.ORG": 
Re-enter password for principal "asyd/admin@DEBIAN-FR.ORG": 
Principal "asyd/admin@DEBIAN-FR.ORG" created.

Create the minimal keytab

# kadmin.local
kadmin.local:  ktadd -k /etc/krb5kdc/kadm5.keytab kadmin/admin kadmin/changepw
Entry for principal kadmin/admin with kvno 3, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5kdc/kadm5.keytab.
Entry for principal kadmin/admin with kvno 3, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/etc/krb5kdc/kadm5.keytab.
Entry for principal kadmin/changepw with kvno 3, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5kdc/kadm5.keytab.
Entry for principal kadmin/changepw with kvno 3, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/etc/krb5kdc/kadm5.keytab.
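
The ktadd output above lists the encryption type of every key written to the keytab, and single DES and Triple DES are both deprecated for Kerberos (RFC 6649, RFC 8429). The following is an added example, not part of the original page: a shell filter that reads ktadd output on stdin and marks entries with deprecated enctypes; the function names and the AES sample line are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit ktadd output for deprecated Kerberos enctypes.

# classify_enctype NAME -> prints "weak" for DES, 3DES and RC4, else "ok".
# Matches the long display strings ktadd prints and the short enctype names.
classify_enctype() {
    case "$1" in
        "DES cbc mode"*|"Triple DES"*|"ArcFour"*) echo weak ;;
        des-*|des3-*|arcfour-*|rc4-*)             echo weak ;;
        *)                                        echo ok ;;
    esac
}

# audit_keytab_entries: stdin = ktadd output lines.
# stdout = one tab-separated line per entry: verdict, principal, kvno, enctype.
audit_keytab_entries() {
    sed -n 's/^Entry for principal \(.*\) with kvno \([0-9][0-9]*\), encryption type \(.*\) added to keytab .*$/\1|\2|\3/p' |
    while IFS='|' read -r princ kvno etype; do
        printf '%s\t%s\tkvno=%s\t%s\n' \
            "$(classify_enctype "$etype")" "$princ" "$kvno" "$etype"
    done
}

# weak_count: stdin = ktadd output lines, stdout = number of weak entries.
weak_count() {
    audit_keytab_entries | awk -F'\t' '$1 == "weak" { n++ } END { print n + 0 }'
}

# Constructed sample: two lines taken from the output above, plus one
# AES line added for contrast (not from the original page).
sample_ktadd_output() {
cat <<'EOF'
Entry for principal kadmin/admin with kvno 3, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5kdc/kadm5.keytab.
Entry for principal kadmin/admin with kvno 3, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/etc/krb5kdc/kadm5.keytab.
Entry for principal kadmin/changepw with kvno 3, encryption type AES-256 CTS mode with 96-bit SHA-1 HMAC added to keytab WRFILE:/etc/krb5kdc/kadm5.keytab.
EOF
}

sample_ktadd_output | audit_keytab_entries
```

Lines reported as weak identify principals whose keys should be regenerated with stronger enctypes.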

Optional: to enable logging, add the following lines to /etc/krb5.conf:

[logging]
        kdc = FILE:/var/log/krb/kdc.log
        admin_server = FILE:/var/log/krb/admin.log