Kerberos Server HowTo

Kerberos is a network authentication protocol which works on the basis of “tickets” to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. (Source: Kerberos_(protocol))

Preparation

Prerequisites

Please read about Kerberos at Kerberos_(protocol), and especially the Kerberos How-to.

Required Packages

Server (OpenWrt)
- krb5-server
- krb5-libs (dependency of krb5-server)

Client (OpenWrt)
- krb5-client

Installation

opkg

    opkg install krb5-server

Configuration

Server configuration

Create the file /etc/krb5.conf with the following contents. Example:

    [libdefaults]
        default_realm = YOURDOMAIN.ORG
        dns_lookup_realm = false
        dns_lookup_kdc = false
        ticket_lifetime = 24h
        forwardable = yes

    [realms]
        YOURDOMAIN.ORG = {
            kdc = server_address_of_this_machine:88
            admin_server = server_address_of_this_machine:749
            default_domain = yourdomain.org
        }

    [domain_realm]
        .yourdomain.org = YOURDOMAIN.ORG
        yourdomain.org = YOURDOMAIN.ORG

Replace YOURDOMAIN.ORG / yourdomain.org with the name of the domain the server should act for (the names must be written in upper case / lower case as shown above). Replace server_address_of_this_machine with the host name or IP address of the server you are setting up.
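
The rules above (upper-case realm, lower-case domain mappings, every placeholder replaced, and a default_realm that is actually defined under [realms]) can be checked before the KDC is started. The shell function below is an added example, not part of the original HowTo or of the krb5 packages; the name check_krb5_conf and the EXAMPLE.TEST sample are assumptions made for illustration, and it needs only POSIX sh and awk.

```shell
#!/bin/sh
# Added example (not from the HowTo): lint a krb5.conf against the rules above.
# check_krb5_conf FILE prints one line per problem; returns 0 if clean, 1 if not.
check_krb5_conf() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }       # comments and blank lines
    /^[ \t]*\[/ { sec = trim($0); next }       # section header such as [realms]
    /server_address_of_this_machine|YOURDOMAIN\.ORG|yourdomain\.org/ {
        print "placeholder left in: " trim($0); bad = 1
    }
    sec == "[libdefaults]" && /default_realm[ \t]*=/ {
        split($0, kv, "="); def = trim(kv[2])
    }
    sec == "[realms]" && /=[ \t]*\{/ {         # "REALM = {" opens a realm block
        split($0, kv, "="); r = trim(kv[1]); realms[r] = 1
        if (r != toupper(r)) { print "realm not upper case: " r; bad = 1 }
    }
    sec == "[domain_realm]" && /=/ {           # "domain = REALM" mapping
        split($0, kv, "="); d = trim(kv[1]); maps[d] = trim(kv[2])
        if (d != tolower(d)) { print "domain not lower case: " d; bad = 1 }
    }
    END {
        if (def == "") { print "default_realm missing"; bad = 1 }
        else if (!(def in realms)) {
            print "default_realm not in [realms]: " def; bad = 1
        }
        for (d in maps) if (!(maps[d] in realms)) {
            print "domain " d " maps to undefined realm " maps[d]; bad = 1
        }
        exit (bad ? 1 : 0)
    }' "$1"
}

# Constructed sample: realm typed in lower case, KDC placeholder not replaced.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[libdefaults]
    default_realm = EXAMPLE.TEST
[realms]
    example.test = {
        kdc = server_address_of_this_machine:88
    }
[domain_realm]
    example.test = EXAMPLE.TEST
EOF
check_krb5_conf "$sample" || echo "krb5.conf needs fixing"
rm -f "$sample"
```

On the server, run it as check_krb5_conf /etc/krb5.conf; no output and exit status 0 mean the file passes these checks.
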

Starting the server

Start the server by issuing

    /etc/init.d/krb5kdc start

This should create the /etc/krb5kdc/ directory with the following files:

    -rw------- 1 root root 8192 Feb 13 11:17 principal
    -rw------- 1 root root 8192 Feb 13 09:12 principal.kadm5
    -rw------- 1 root root    0 Feb 13 09:12 principal.kadm5.lock
    -rw------- 1 root root    0 Feb 13 11:17 principal.ok

If you don't get any error messages, check your server by logging on with

    kadmin.local

If everything works well, you will see the following message:

    root@bridge:~# kadmin.local
    Authenticating as principal xxxxxxx/admin@YOURDOMAIN.ORG with password.
    kadmin.local:

Testing the server

Perform the tests as described in the Kerberos How-to document on page 16/17.

Start on boot

To enable/disable automatic start on boot:

    /etc/init.d/krb5kdc enable

This simply creates a symlink: /etc/rc.d/S60krb5kdc → /etc/init.d/krb5kdc

    /etc/init.d/krb5kdc disable

This removes the symlink again.

Notes

- The Project Homepage: http://web.mit.edu/kerberos/
- Kerberos How-To: http://www.kerberos.org/software/adminkerberos.pdf
- Kerberos Tutorial: http://www.kerberos.org/software/tutorial.html

Last modified: 2018/03/03 15:47 by 79.102.29.95