버전 9 - 이력 - Kerberos - 구축 관련 - En·core Redmine

Kerberos » 이력 » 버전 9

SANGKYU KANG, 2018-06-04 12:56 오후

-SANGKYU KANG
+h1. Kerberos
 SANGKYU KANG
 SANGKYU KANG
-SANGKYU KANG
+설치 전 반드시 "시간 동기화":http://redmine.bdp.test/redmine/projects/etc/wiki/NTP_%EC%84%A4%EC%A0%95
 SANGKYU KANG
-SANGKYU KANG
+Yum install
 <pre>
-SANGKYU KANG
+yum install krb5-*
-SANGKYU KANG
+</pre>
 SANGKYU KANG
-SANGKYU KANG
+/etc/krb5.conf
-SANGKYU KANG
+<pre>
 [libdefaults]
-SANGKYU KANG
+    default_realm = BDP.TEST
     dns_lookup_realm = false
     dns_lookup_kdc = false
     ticket_lifetime = 24h
     forwardable = true
     udp_preference_limit = 1000000
     default_tkt_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
     default_tgs_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
     permitted_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
 SANGKYU KANG
-SANGKYU KANG
+[realms]
-SANGKYU KANG
+    BDP.TEST = {
         kdc = KERBEROS.BDP.TEST:88
         admin_server = KERBEROS.BDP.TEST:749
         default_domain = BDP.TEST
+    }
 SANGKYU KANG
 [domain_realm]
-SANGKYU KANG
+    .bdp.test = BDP.TEST
      bdp.test = BDP.TEST
 [logging]
     kdc = FILE:/var/log/krb5kdc.log
     admin_server = FILE:/var/log/kadmin.log
     default = FILE:/var/log/krb5lib.log
-SANGKYU KANG
+</pre>
 SANGKYU KANG
 /var/kerberos/krb5kdc/kdc.conf on KDC
 <pre>
 default_realm = BDP.TEST
 [kdcdefaults]
     v4_mode = nopreauth
     kdc_ports = 0
 [realms]
     BDP.TEST = {
         kdc_ports = 88
         admin_keytab = /etc/kadm5.keytab
         database_name = /var/kerberos/krb5kdc/principal
         acl_file = /var/kerberos/krb5kdc/kadm5.acl
         key_stash_file = /var/kerberos/krb5kdc/stash
         max_life = 10h 0m 0s
         max_renewable_life = 7d 0h 0m 0s
         master_key_type = des3-hmac-sha1
         supported_enctypes = arcfour-hmac:normal des3-hmac-sha1:normal des-cbc-crc:normal des:normal des:v4 des:norealm des:onlyrealm des:afs3
         default_principal_flags = +preauth
+    }
 </pre>
 /var/kerberos/krb5kdc/kadm5.acl on KDC
 <pre>
 */admin@BDP.TEST	    *
 </pre>
-SANGKYU KANG
+create kerberos DB
 <pre>
-SANGKYU KANG
+kdb5_util create -r BDP.TEST -s
-SANGKYU KANG
+-가상 머신에서 'roading random data' 메시지 출력 후 작업 처리에 오래 걸릴 수 있음
-SANGKYU KANG
+ 해당 연산은 온전히 CPU 능력에 의존함
-SANGKYU KANG
+</pre>
 admin principal 및 user pincipal 생성
 <pre>
 kadmin.local
 kadmin.local:  addprinc root/admin
 kadmin.local:  addprinc test
 kadmin.local:  ktadd -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/admin
 kadmin.local:  ktadd -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/changepw
 kadmin.local:  exit
 </pre>
 KDC 서버를 위한 principal 생성 및 keytab 에 적용
 <pre>
 kadmin.local
-SANGKYU KANG
+kadmin.local:  add_principal -randkey host/kerberos.bdp.test
-SANGKYU KANG
+kadmin.local:  ktadd host/kerberos.bdp.test
 </pre>
 =======client
 kerberos client 설치
 <pre>
 yum -y install krb5-workstation
 </pre>
 서버의 /etc/krb5.conf 파일 복사 (동일 경로 동일  파일명)
 client principal 생성
 <pre>
 kadmin -p root/admin
-SANGKYU KANG
+kadmin:  add_principal --randkey host/test.bdp.test
-SANGKYU KANG
+kadmin:  ktadd host/kdc.bdp.test
-SANGKYU KANG
+</pre>

프로젝트

일반

사용자정보

Platform » 구축 관련

Kerberos » 이력 » 버전 9