Kerberos Server HowTo

Kerberos is a network authentication protocol which works on the basis of “tickets” to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. (Source Kerberos_(protocol))

Please read about here Kerberos_(protocol) and especially Kerberos How-to.

Server (OpenWrt)

  • krb5-server
    • krb5-libs (dependency of krb5-server)

Client (OpenWrt)

  • krb5-client


opkg install krb5-server

Create the file /etc/krb5.conf with the following credentials. Example:

    default_realm = YOURDOMAIN.ORG
    dns_lookup_realm = false
    dns_lookup_kdc = false
    ticket_lifetime = 24h
    forwardable = yes

        kdc = server_address_of_this_machine:88
        admin_server = server_address_of_this_machine:749
        default_domain =


Replace YOURDOMAIN.ORG / with the domain name of your domain the server should act for (names must be specified in UPPER- / lowercase as shown above). Replace server_address_of_this_machine with the host name/IP adress of this server you're setting up.

Start the server by issuing

/etc/init.d/krb5kdc start

This should create the /etc/krb5kdc/ directory with the following files

-rw-------    1 root     root         8192 Feb 13 11:17 principal
-rw-------    1 root     root         8192 Feb 13 09:12 principal.kadm5
-rw-------    1 root     root            0 Feb 13 09:12 principal.kadm5.lock
-rw-------    1 root     root            0 Feb 13 11:17 principal.ok

In case you don't get any error messages check your server by logging on with


In case everything works well you will see the following message

root@bridge:~# kadmin.local
Authenticating as principal xxxxxxx/admin@YOURDOMAIN.ORG with password.

Perform the tests as described in the Kerberos How-to document on page 16/17.

To enable/disable automatic start on boot:

/etc/init.d/krb5kdc enable

this simply creates a symlink: /etc/rc.d/S60krb5kdc → /etc/init.d/krb5kdc

/etc/init.d/krb5kdc disable

this removes the symlink again

This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.More information about cookies
  • Last modified: 2018/03/03 20:47
  • by