$ rpm -q -i krb5-server
Name        : krb5-server                  Relocations: (not relocatable)
Version     : 1.8.3                             Vendor: Mageia.Org
Release     : 5.2.mga1                      Build Date: 2012-06-15T15:06:24 EDT
Install Date: 2012-06-17T21:11:07 EDT       Build Host: ecosse.mageia.org
Group       : System/Servers                Source RPM: krb5-1.8.3-5.2.mga1.src.rpm
Size        : 1608091                          License: MIT
Signature   : RSA/SHA1, 2012-06-15T15:07:02 EDT, Key ID b742fa8b80420f66
Packager    : luigiwalser <luigiwalser>
URL         : http://web.mit.edu/kerberos/www/
Summary     : The server programs for Kerberos 5
Description :
Kerberos is a network authentication system. The krb5-server package contains the programs that must be installed on a Kerberos 5 server. If you're installing a Kerberos 5 server, you need to install this package (in other words, most people should NOT install this package).
Kerberos is designed so that a user can enter their password once and then use any server on a network: each server knows the user has entered their password, but no server (other than the Kerberos server) has access to the password.
Within a Kerberos environment, there are three main components:
- The actual Kerberos server, with a key distribution center service and an administration service
- The application services (ftp, remote login, etc.)
- The workstation (where users log in)
Each component may be on separate computers, or all three can be on the same computer. In the following test, only one computer is being used.
- $ mkdir -p ~/bin
- $ wget 'https://bugs.mageia.org/attachment.cgi?id=9586' -O ~/bin/krb5_server_setup.sh
- $ chmod a+x ~/bin/krb5_server_setup.sh
- $ sudo ~/bin/krb5_server_setup.sh $USER
[If the setup script complains that the forward and reverse DNS settings do not match, post a request for help to the QA discussion list.]
For the urpmi prompts, just press enter.
You will be prompted for passwords for the three principals being created, which are the admin user, the host machine, and the regular user.
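The forward and reverse DNS agreement mentioned in the note above can be checked before running the setup script. The following is an added example, not part of the original page or of the Mageia setup script; it assumes that "match" means the host name resolves to an address that resolves back to the same name, and its function names are illustrative.

```shell
#!/bin/sh
# Added example, not the Mageia setup script. Assumption: "forward and reverse
# match" means name -> address -> name round-trips to the same host name.
# getent(1) resolves through NSS, so /etc/hosts entries count as well as DNS.

# Forward lookup: print the first address found for a host name.
lookup_addr() { getent hosts "$1" | awk 'NR==1 {print $1}'; }

# Reverse lookup: print the canonical name found for an address.
lookup_name() { getent hosts "$1" | awk 'NR==1 {print $2}'; }

# Lowercase and drop a trailing dot so equivalent names compare equal.
norm() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/\.$//'; }

# Exit status: 0 round-trip ok, 1 mismatch, 2 no forward record,
# 3 no reverse record. A one-line reason is printed in every case.
dns_round_trip() {
    name=$(norm "$1")
    addr=$(lookup_addr "$name")
    [ -n "$addr" ] || { echo "no forward record for $name"; return 2; }
    back=$(norm "$(lookup_name "$addr")")
    [ -n "$back" ] || { echo "no reverse record for $addr"; return 3; }
    [ "$back" = "$name" ] || { echo "mismatch: $name -> $addr -> $back"; return 1; }
    echo "ok: $name <-> $addr"
}

# Run as: sh check_dns.sh "$(hostname -f)"
if [ "$#" -gt 0 ]; then
    dns_round_trip "$1"
fi
```

A mismatch usually shows up as the short host name or `localhost` coming back from the reverse lookup, which points at the `/etc/hosts` entry for the machine.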
Once the installation has been completed,
- # edit /etc/xinetd.d/eklogin,
and change the disable option from yes to no. Then run
- # systemctl restart xinetd.service
Then, as the regular user, run
- $ kinit, and enter your password.
- $ klist which should then show a valid ticket has been granted.
Then run
- $ krlogin $(hostname) which should show
- This rlogin session is encrypting all data transmissions.
With the above output, testing is complete for basic Kerberos functionality.