Novell LINUX ENTERPRISE SERVER 10 - INSTALLATION AND ADMINISTRATION 11-05-2007 Installation Manual page 862

1 Install the RPMs
2 Adjust the Configuration Files
3 Create the Kerberos Database
4 Adjust the ACL Files: Add Administrators
5 Adjust the Kerberos Database: Add Administrators
6 Start the Kerberos Daemon
7 Create a Principal for Yourself
46.4.1 Installing the RPMs
Before you can start, install the Kerberos software. On the KDC, install the packages
krb5, krb5-server, and krb5-client.
46.4.2 Setting Up the Database
Your next step is to initialize the database where Kerberos keeps all information about
principals. Set up the database master key, which is used to protect the database from
accidental disclosure, in particular when it is backed up to a tape. The master key is
derived from a pass phrase and is stored in a file called the stash file. This is so you do
not need to enter the password every time the KDC is restarted. Make sure that you
choose a good pass phrase, such as a sentence from a book opened to a random page.
844 Installation and Administration
ware packages. See Section 46.4.1, "Installing the RPMs"
and /var/lib/kerberos/krb5kdc/kdc.conf must be adjusted for your
scenario. These files contain all information on the KDC.
identifiers and the secret keys of all principals that need to be authenticated.
KDC can be managed remotely. To prevent unauthorized principals from tamper-
ing with the database, Kerberos uses access control lists. You must explicitly
enable remote access for the administrator principal to enable him to manage the
database.
administrative principal to run and administer Kerberos. This principal must be
added before starting the KDC.
configured, start the Kerberos daemon to provide Kerberos service for your realm.
On a machine designated as the KDC, install special soft-
The configuration files /etc/krb5.conf
Kerberos keeps a database of all principal
Once the KDC software is installed and properly
(page 844) for details.
The Kerberos database on the
You need at least one