$ rpm -q -i krb5-server
Name        : krb5-server                  Relocations: (not relocatable)
Version     : 1.8.3                             Vendor: Mageia.Org
Release     : 5.2.mga1                      Build Date: 2012-06-15T15:06:24 EDT
Install Date: 2012-06-17T21:11:07 EDT          Build Host: ecosse.mageia.org
Group       : System/Servers                Source RPM: krb5-1.8.3-5.2.mga1.src.rpm
Size        : 1608091                          License: MIT
Signature   : RSA/SHA1, 2012-06-15T15:07:02 EDT, Key ID b742fa8b80420f66
Packager    : luigiwalser <luigiwalser>
URL         : http://web.mit.edu/kerberos/www/
Summary     : The server programs for Kerberos 5
Description :
Kerberos is a network authentication system.  The krb5-server package
contains the programs that must be installed on a Kerberos 5 server.
If you're installing a Kerberos 5 server, you need to install this
package (in other words, most people should NOT install this
package).

Kerberos is designed so that a user can enter their password once and then use any server on the network: each server knows the user has authenticated, but no server other than the Kerberos server has access to the password.

Within a Kerberos environment, there are three main components:

- The actual Kerberos server, with a key distribution center service and an administration service
- The application services (ftp, remote login, etc.)
- The workstation (where users log in)

Each component may be on separate computers, or all three can be on the same computer. In the following test, only one computer is being used.

[If the setup script complains that the forward and reverse DNS settings do not match, post a request for help to the QA discussion list.]

For the urpmi prompts, just press enter.

You will be prompted for passwords for the three principals being created, which are the admin user, the host machine, and the regular user.

Once the installation has been completed,

  • # edit /etc/xinetd.d/eklogin,

and change the disable option from yes to no. Then run

  • # systemctl restart xinetd.service

Then, as the regular user, run

  • $ kinit, and enter your password.
  • $ klist which should then show a valid ticket has been granted.

Then run

  • $ krlogin $(hostname) which should show
  • This rlogin session is encrypting all data transmissions.

With the above output, testing is complete for basic Kerberos functionality.
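
The manual edit of /etc/xinetd.d/eklogin and the klist check can be scripted so that a test run is repeatable. The following is an added example, not part of the original wiki page: the function names and the sample file contents are constructed for illustration, and the real eklogin file on your system may contain other attributes. It changes only the active `disable` attribute (leaving comments and `wait = no` untouched) and uses `klist -s`, which exits non-zero when the credential cache is missing or expired.

```shell
#!/bin/sh
# Added example (not from the wiki page): script the eklogin edit and ticket check.

# Constructed sample of an xinetd service file; the real /etc/xinetd.d/eklogin may differ.
write_sample_eklogin() {
    cat > "$1" <<'EOF'
# disable = yes   (comment, must be left alone)
service eklogin
{
    socket_type = stream
    wait        = no
    disable     = yes
}
EOF
}

# Change only the active "disable = yes" attribute to "no"; a .bak copy is kept.
enable_xinetd_service() {
    [ -f "$1" ] || { echo "no such file: $1" >&2; return 1; }
    sed -i.bak -E \
        's/^([[:space:]]*disable[[:space:]]*=[[:space:]]*)yes[[:space:]]*$/\1no/' "$1"
}

# True only when an uncommented "disable = no" line exists.
xinetd_service_enabled() {
    grep -Eq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*no[[:space:]]*$' "$1"
}

# True when the credential cache holds an unexpired ticket (klist -s prints nothing).
has_valid_ticket() {
    klist -s
}

# Demo on a temporary copy, so nothing under /etc is touched.
demo_file=$(mktemp)
write_sample_eklogin "$demo_file"
enable_xinetd_service "$demo_file"
if xinetd_service_enabled "$demo_file"; then
    echo "eklogin enabled in $demo_file"
fi
rm -f "$demo_file" "$demo_file.bak"
```

On the test machine, run `enable_xinetd_service /etc/xinetd.d/eklogin` as root before restarting xinetd, and call `has_valid_ticket` as the regular user after `kinit`.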