Showing posts from August, 2018

ssh authentication with kerberos

This documentation has been tested on CentOS 7.

Install KDC

# yum install -y krb5-server krb5-workstation pam_krb5

Hostname and resolving

Set your hostname

# hostnamectl set-hostname hanthana.ucsc.com

Verify your hostname

# hostname

Your domain should resolve. In case you do not use a DNS service:

[danishka@kdc ~]$ cat /etc/hosts
192.168.1.101 hanthana.ucsc.com
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6

Server Configuration

# ls /var/kerberos/krb5kdc/
kadm5.acl kdc.conf

The ACL grants all privileges to anyone with the admin role. Replace EXAMPLE.COM with your realm.

# cd /var/kerberos/krb5kdc/
# cat kadm5.acl
*/admin@UCSC *
# cat kdc.conf
[kdcdefaults]
 kdc_ports = 88
 kdc_tcp_ports = 88

[realms]
 UCSC.COM = {
  #master_key_type = aes256-cts
  acl_file = /var/kerberos/krb5kdc/kadm5.acl
  dict_file = /usr/share/dict/words
  admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
  supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:no…
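
A pre-start check for the two files above, as an added example that is not part of the original post: it reads kdc.conf and kadm5.acl text, then reports enctypes from the single-DES, 3DES and RC4 families (deprecated by RFC 6649 and RFC 8429), ACL entries whose realm is not defined in kdc.conf, and wildcard principals that hold all privileges. The function names, the sample files and the danishka/admin entry are constructed for illustration; the sample kdc.conf is not the page's complete file.

```python
import re

WEAK_PREFIXES = ("des", "arcfour", "rc4")  # single DES, 3DES and RC4 families

# Constructed sample input, not the page's complete files.
SAMPLE_KDC_CONF = """\
[kdcdefaults]
 kdc_ports = 88
[realms]
 UCSC.COM = {
  #master_key_type = aes256-cts
  acl_file = /var/kerberos/krb5kdc/kadm5.acl
  supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal
 }
"""
SAMPLE_ACL = "*/admin@UCSC *\ndanishka/admin@UCSC.COM il\n"

def kdc_realms(kdc_conf):
    """Return {realm: [enctype names]} parsed from the [realms] section."""
    realms, section, current = {}, None, None
    for line in (raw.strip() for raw in kdc_conf.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            section, current = line.strip("[]"), None
        elif section == "realms" and re.match(r"\S+\s*=\s*\{$", line):
            current = line.split("=")[0].strip()
            realms[current] = []
        elif line == "}":
            current = None
        elif current and line.startswith("supported_enctypes"):
            realms[current] = [v.split(":")[0] for v in line.split("=", 1)[1].split()]
    return realms

def audit(kdc_conf, acl):
    """Return findings: weak enctypes, ACL realms unknown to the KDC, broad ACLs."""
    realms, findings = kdc_realms(kdc_conf), []
    for realm, enctypes in realms.items():
        findings += [f"{realm}: weak enctype {e}" for e in enctypes
                     if e.lower().startswith(WEAK_PREFIXES)]
    for fields in (raw.split() for raw in acl.splitlines()):
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        name, at, realm = fields[0].rpartition("@")
        if at and realm not in realms:
            findings.append(f"ACL {fields[0]}: realm {realm} not defined in kdc.conf")
        if "*" in (name or fields[0]) and fields[1] in ("*", "x"):
            findings.append(f"ACL {fields[0]}: wildcard principal holds all privileges")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_KDC_CONF, SAMPLE_ACL)))
```

To check a real KDC, pass the contents of /var/kerberos/krb5kdc/kdc.conf and /var/kerberos/krb5kdc/kadm5.acl to audit() in place of the samples.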