Chinaunix首页 | 论坛 | 博客
  • 博客访问: 48094
  • 博文数量: 17
  • 博客积分: 0
  • 博客等级: 民兵
  • 技术积分: 145
  • 用 户 组: 普通用户
  • 注册时间: 2011-05-31 09:37
文章分类

全部博文(17)

文章存档

2016年(3)

2015年(14)

我的朋友

分类: LINUX

2016-02-04 09:44:38

1. kerberos krb5.conf

    [logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log


[libdefaults]
 default_realm = KERBEROSLDAP.XXXX.XXXX.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false
[realms]
 KERBEROSLDAP.XXXX.XXXX.COM = {
  kdc = 10.10.10.10:88
  admin_server = 10.10.10.10:749
 }
2.kdb5_util create -r EXAMPLE.COM -s


启动krb5kdc和kadmin服务
service krb5kdc start
service kadmin start

3. update kdc.conf




[kdcdefaults]
 kdc_tcp_ports =88


[realms]
 KERBEROSLDAP.XXXX.XXXX.COM  = {
  #master_key_type = aes256-cts
  acl_file = /var/kerberos/krb5kdc/kadm5.acl
  admin_keytab = FILE:/var/kerberos/krb5kdc/kadm5.keytab
  dict_file = /var/kerberos/krb5kdc/kadm5.dict
  key_stash_file = /var/kerberos/krb5kdc/.k5.KERBEROSLDAP.XXXX.XXXX.COM 
  #kdc_ports = 750,88
  max_life = 10h 0m 0s
  max_renewable_life = 7d 0h 0m 0s
  default_principal_flags = -preauth
 }
[logging]
        kdc = FILE:/var/log/krb5kdc.log
        admin_server = FILE:/var/log/kadmind.log
5. create db:
kdb5_util create -r KERBEROSLDAP.xx.xx.COM -s
6. add princ
kadmin.local
addprinc root/admin
**********************************************************do following steps when add princple
addprinc u1
ktadd -k  /var/kerberos/krb5kdc/kadmin.keytab kadmin/admin
ktadd -k  /var/kerberos/krb5kdc/kadmin.keytab kadmin/changepw
***********************************************************


service krb5kdc start
service kadmin start
test:
netstat -nat|grep 750,88


ktutil:
rkt /var/kerberos/krb5kdc/kadmin.keytab
list
configure nis:
hostname is: cdnis
1. yum install ypserv ypbind -y
2. update /etc/hosts

3. execute command :nisdomainname
4. update /etc/yp.conf
5. no update needed for /etc/ypserv.conf
6. execute command: rpcinfo -u localhost ypserv
program 100004 version 1 ready and waiting
program 100004 version 2 ready and waiting
7. execute command:rpcinfo -u localhost ypbind
program 100007 version 1 ready and waiting
program 100007 version 2 ready and waiting
8. generate nisdatabase: /usr/lib64/yp/ypinit -m  => checkfile under:/var/yp/
9. add local user for test:
groupadd -g 10000 admin
useradd -u 1000 -G admin u1

10. make -C /var/yp
test:
yptest must be all passed
ypcat passwd
getent passwd
id u1

阅读(1426) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~