kerberos - 001

Realm: EXAMPLE.COM

Primary KDC: kdc.example.com (10.0.0.4)

User principal: ubuntu

Admin principal: ubuntu/admin

 

 

kdc server:

hostnamectl set-hostname kdc.example.com


client:
hostnamectl set-hostname k2.example.com

 

cat /etc/hosts

10.0.0.4 kdc.example.com
10.0.0.5 k2.example.com

 


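on the kdc server:
sudo apt update
sudo apt install krb5-kdc krb5-admin-server -y
sudo krb5_newrealm
(krb5_newrealm asks for the database master password; it is used to encrypt the KDC database, so pick a strong one and record it somewhere safe)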


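config files:
/etc/krb5.conf (realm and KDC addresses, read by the Kerberos libraries on every host)
/etc/krb5kdc/kdc.conf (KDC settings, on the kdc server only)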

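create the admin principal (on the kdc server):
sudo kadmin.local
(the "no policy specified" warning in the transcript below means ubuntu/admin is created without any password policy; for an admin principal it is better to define one first with addpol and then create the principal with addprinc -policy <policy-name>)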

root@k1:~# sudo kadmin.local
Authenticating as principal root/admin@EXAMPLE.COM with password.
kadmin.local: addprinc ubuntu/admin
WARNING: no policy specified for ubuntu/admin@EXAMPLE.COM; defaulting to no policy
Enter password for principal "ubuntu/admin@EXAMPLE.COM":
Re-enter password for principal "ubuntu/admin@EXAMPLE.COM":
Principal "ubuntu/admin@EXAMPLE.COM" created.
kadmin.local:
kadmin.local:
kadmin.local: quit
root@k1:~#

 


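create a host principal and write its keys to a keytab:
(the transcript uses the host name k1, but the hostnamectl and /etc/hosts entries above only define kdc.example.com and k2.example.com; the host principal has to match the FQDN of the machine it is for. /etc/krb5.keytab holds long-term keys, so it should stay readable by root only)
root@k1:~# sudo kadmin.local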
Authenticating as principal root/admin@EXAMPLE.COM with password.
kadmin.local:
kadmin.local:
kadmin.local: addprinc -randkey host/k1.example.com
WARNING: no policy specified for host/k1.example.com@EXAMPLE.COM; defaulting to no policy
Principal "host/k1.example.com@EXAMPLE.COM" created.
kadmin.local: ktadd host/k1.example.com
Entry for principal host/k1.example.com with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab FILE:/etc/krb5.keytab.
Entry for principal host/k1.example.com with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab FILE:/etc/krb5.keytab.
kadmin.local: quit
root@k1:~#
root@k1:~#
root@k1:~#

 

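sudo systemctl restart krb5-admin-server.service
(restarting makes kadmind re-read its ACL file, /etc/krb5kdc/kadm5.acl; these notes do not show the entry that gives ubuntu/admin its rights. When adding it, grant only to the specific admin principal and only the privileges it needs)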


useradd -m -s /bin/bash xman
