Red Hat ENTERPRISE LINUX 5 - DEPLOYMENT Deployment Manual page 699
Most users are represented in the database by a single principal (with a NULL, or empty, instance, such as joe@EXAMPLE.COM). In this configuration, users with a second principal with an instance of admin (for example, joe/admin@EXAMPLE.COM) are able to wield full power over the realm's Kerberos database.

After kadmind has been started on the server, any user can access its services by running kadmin on any of the clients or servers in the realm. However, only users listed in the kadm5.acl file can modify the database in any way, except for changing their own passwords.
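The ACL rules described above can be checked offline before kadmind is restarted. The following is an added example, not code from the Red Hat guide or from MIT Kerberos; it assumes the MIT kadm5.acl syntax (one entry per line: principal pattern, permission letters, optional target principal pattern), that lowercase letters grant and uppercase letters deny an operation, that "*" grants everything, that wildcards match within a single principal component only, and that the first matching entry decides. The sample ACL text is constructed for the example.

```python
"""Evaluate MIT-style kadm5.acl entries for a requested kadmin operation."""
import fnmatch

# Constructed sample ACL for illustration only; not copied from any real KDC.
SAMPLE_ACL = """\
# Any principal with an /admin instance has full power over the database.
*/admin@EXAMPLE.COM    *
# Help desk: explicit deny (uppercase) on admin instances, listed first so it wins.
helpdesk@EXAMPLE.COM   CI   */admin@EXAMPLE.COM
# Help desk may change passwords (c) and inquire (i) on ordinary users only.
helpdesk@EXAMPLE.COM   ci   *@EXAMPLE.COM
"""
ALL_OPS = "admcilps"  # add, delete, modify, changepw, inquire, list, propagate, setkey

def _components(principal):
    # "joe/admin@EXAMPLE.COM" -> ["joe", "admin", "EXAMPLE.COM"]
    name, _, realm = principal.partition("@")
    return name.split("/") + [realm]

def _matches(pattern, principal):
    # Wildcards match inside one component only; they never span '/' or '@'.
    pat, pri = _components(pattern), _components(principal)
    return len(pat) == len(pri) and all(
        fnmatch.fnmatchcase(c, w) for w, c in zip(pat, pri))

def parse_acl(text):
    """Return (principal_pattern, grants, denies, target_pattern) tuples."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        who, perms = fields[0], fields[1]
        target = fields[2] if len(fields) > 2 else None
        if perms in ("*", "x"):
            grants, denies = set(ALL_OPS), set()
        else:  # lowercase letters grant, uppercase letters deny
            grants = {c for c in perms if c.islower()}
            denies = {c.lower() for c in perms if c.isupper()}
        entries.append((who, grants, denies, target))
    return entries

def allowed(entries, principal, op, target=None):
    """First matching entry decides; no matching entry means denied."""
    for who, grants, denies, tgt in entries:
        if not _matches(who, principal):
            continue
        if tgt is not None and (target is None or not _matches(tgt, target)):
            continue
        return op in grants and op not in denies
    return False
```

Note that a plain user such as joe@EXAMPLE.COM matches no entry and is therefore denied every operation; changing one's own password is handled by kadmind itself and never consults this file.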
Note
The kadmin utility communicates with the kadmind server over the network, and uses Kerberos to handle authentication. Consequently, the first principal must already exist before connecting to the server over the network to administer it. Create the first principal with the kadmin.local command, which is specifically designed to be used on the same host as the KDC and does not use Kerberos for authentication.
Type the following kadmin.local command at the KDC terminal to create the first principal:
/usr/kerberos/sbin/kadmin.local -q "addprinc username/admin"
6. Start Kerberos using the following commands:
/sbin/service krb5kdc start
/sbin/service kadmin start
/sbin/service krb524 start
7. Add principals for the users using the addprinc command within kadmin. kadmin and kadmin.local are command line interfaces to the KDC. As such, many commands — such as addprinc — are available after launching the kadmin program. Refer to the kadmin man page for more information.
8. Verify that the KDC is issuing tickets. First, run kinit to obtain a ticket and store it in a credential cache file. Next, use klist to view the list of credentials in the cache and use kdestroy to destroy the cache and the credentials it contains.
Note
By default, kinit attempts to authenticate using the username of the current system login (not a name supplied by the Kerberos server). If that username does not correspond to a principal in the Kerberos database, kinit issues an error message. If that happens, supply kinit with the name of the correct principal as an argument on the command line (kinit <principal>).
Once these steps are completed, the Kerberos server should be up and running.
Configuring a Kerberos 5 Server
673