Kerberos » History » Revision 5
Revision 4 (SANGKYU KANG, 2018-05-31 10:58 AM) → Revision 5/9 (SANGKYU KANG, 2018-06-04 10:53 AM)
h1. Kerberos

Always synchronize the clocks (NTP) before installing Kerberos; tickets are rejected when client and KDC time drift apart.

Install with yum

<pre>
yum install krb5-*
</pre>

/etc/krb5.conf

<pre>
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = BDP.TEST
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true
 udp_preference_limit = 1000000
 default_tkt_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
 default_tgs_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
 permitted_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1

[realms]
 BDP.TEST = {
  kdc = KERBEROS.BDP.TEST:88
  admin_server = KERBEROS.BDP.TEST:749
  default_domain = BDP.TEST
 }

[domain_realm]
 .bdp.test = BDP.TEST
 bdp.test = BDP.TEST
</pre>

/var/kerberos/krb5kdc/kdc.conf on the KDC

<pre>
default_realm = BDP.TEST

[kdcdefaults]
 v4_mode = nopreauth
 kdc_ports = 0

[realms]
 BDP.TEST = {
  kdc_ports = 88
  admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
  database_name = /var/kerberos/krb5kdc/principal
  acl_file = /var/kerberos/krb5kdc/kadm5.acl
  key_stash_file = /var/kerberos/krb5kdc/stash
  max_life = 10h 0m 0s
  max_renewable_life = 7d 0h 0m 0s
  master_key_type = des3-hmac-sha1
  supported_enctypes = arcfour-hmac:normal des3-hmac-sha1:normal des-cbc-crc:normal des:normal des:v4 des:norealm des:onlyrealm des:afs3
  default_principal_flags = +preauth
 }
</pre>

/var/kerberos/krb5kdc/kadm5.acl on the KDC

<pre>
*/admin@BDP.TEST *
</pre>

Create the Kerberos database

<pre>
kdb5_util create -r BDP.TEST -s
</pre>

On a virtual machine this step can take a long time after the "Loading random data" message appears, because the guest has little entropy available.

Create the admin principal and a user principal

<pre>
kadmin.local
kadmin.local: addprinc root/admin
kadmin.local: addprinc test
kadmin.local: ktadd -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/admin
kadmin.local: ktadd -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/changepw
kadmin.local: exit
</pre>

Create a host principal for the KDC server and add it to the keytab

<pre>
kadmin.local
kadmin.local: addprinc -randkey host/kerberos.bdp.test
kadmin.local: ktadd host/kerberos.bdp.test
</pre>

h2. Client

Install the Kerberos client

<pre>
yum -y install krb5-workstation
</pre>

Copy /etc/krb5.conf from the server to the client (same path, same file name).

Create the client host principal and add it to the client keytab

<pre>
kadmin -p root/admin
kadmin: addprinc -randkey host/test.bdp.test
kadmin: ktadd host/test.bdp.test
</pre>
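The enctype lists in the krb5.conf and kdc.conf above enable single-DES, 3DES and RC4 (arcfour-hmac), all of which current MIT krb5 has removed or deprecated. The following added check (not part of this wiki page) parses the krb5 profile format and reports every weak enctype; the sample config is constructed from the settings above, with one AES type added to show a passing entry.

```python
import re

# Enctype families that MIT krb5 has removed (single DES) or deprecated (3DES, RC4).
WEAK_PREFIXES = ("des-", "des3-", "arcfour-hmac", "rc4-hmac")
# Relations whose values are enctype lists; kdc.conf entries may carry a ":salt" suffix.
ENCTYPE_KEYS = {"default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes",
                "supported_enctypes", "master_key_type"}

# Constructed sample: the realm block follows kdc.conf above, libdefaults follows krb5.conf.
SAMPLE = """\
[libdefaults]
 default_realm = BDP.TEST
 default_tkt_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
[realms]
 BDP.TEST = {
  master_key_type = des3-hmac-sha1
  supported_enctypes = aes256-cts:normal arcfour-hmac:normal des-cbc-crc:normal des:v4
 }
"""

def parse_relations(text):
    """Yield (section, key, value) for each relation in a krb5 profile file.
    Handles [section] headers and one-level 'NAME = { ... }' realm blocks."""
    section = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # '#' starts a comment
        if not line or line == "}":
            continue
        header = re.match(r"^\[(\w+)\]$", line)
        if header:
            section = header.group(1)
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if not key or value == "{":                 # block opener; its relations follow
            continue
        yield section, key, value

def find_weak_enctypes(text):
    """Return [(section, key, enctype)] for every weak enctype in enctype-list relations."""
    hits = []
    for section, key, value in parse_relations(text):
        if key not in ENCTYPE_KEYS:
            continue
        for enc in value.split():
            base = enc.split(":", 1)[0].lower()     # drop the kdc.conf salt suffix
            if base == "des" or base.startswith(WEAK_PREFIXES):
                hits.append((section, key, enc))
    return hits

if __name__ == "__main__":
    for section, key, enc in find_weak_enctypes(SAMPLE):
        print(f"[{section}] {key}: weak enctype {enc}")
```

Run it against the real /etc/krb5.conf and kdc.conf after installation; an empty result means only AES-family enctypes remain.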