1. kerberos krb5.conf
[logging]
# Log destinations for the Kerberos libraries, the KDC and kadmind.
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
# Realm assumed when a principal name carries none; XXXX is presumably a placeholder for the real domain.
default_realm = KERBEROSLDAP.XXXX.XXXX.COM
# DNS is not used for realm or KDC discovery, so every KDC must be listed explicitly in [realms] below.
dns_lookup_realm = false
dns_lookup_kdc = false
[realms]
# Must match default_realm above exactly (realm names are case-sensitive).
KERBEROSLDAP.XXXX.XXXX.COM = {
# KDC (port 88) and kadmin (port 749) addressed by IP; 10.10.10.10 is presumably a placeholder — confirm.
kdc = 10.10.10.10:88
admin_server = 10.10.10.10:749
}
2. kdb5_util create -r EXAMPLE.COM -s
(the realm passed to -r must match default_realm in krb5.conf; step 5 below repeats this command with that realm)
启动krb5kdc和kadmin服务
service krb5kdc start
service kadmin start
3. update kdc.conf
[kdcdefaults]
# Only the TCP listener is set explicitly; UDP ports fall back to this build's default (see the commented kdc_ports below).
kdc_tcp_ports =88
[realms]
KERBEROSLDAP.XXXX.XXXX.COM = {
# Left commented, so the master key enctype is whatever this krb5 build defaults to — confirm it is an AES type before creating the database.
#master_key_type = aes256-cts
# kadmin access-control list; root/admin, created later on this page, must be granted here — confirm the file's content.
acl_file = /var/kerberos/krb5kdc/kadm5.acl
# NOTE(review): the ktadd steps later on this page write to .../kadmin.keytab, not to this kadm5.keytab path — confirm the two agree.
admin_keytab = FILE:/var/kerberos/krb5kdc/kadm5.keytab
# Word list used by the password-quality check when principals set passwords.
dict_file = /var/kerberos/krb5kdc/kadm5.dict
# Written by `kdb5_util create -s`; it holds the database master key in the clear, so it must stay readable by root only.
key_stash_file = /var/kerberos/krb5kdc/.k5.KERBEROSLDAP.XXXX.XXXX.COM
#kdc_ports = 750,88
# Caps on ticket lifetime and renewable lifetime for the realm.
max_life = 10h 0m 0s
max_renewable_life = 7d 0h 0m 0s
# NOTE(review): -preauth exempts every newly created principal from pre-authentication, removing the protection
# against offline password guessing that pre-authentication provides; +preauth is the safer default.
default_principal_flags = -preauth
}
[logging]
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
5. create the database:
kdb5_util create -r KERBEROSLDAP.xx.xx.COM -s
(realm names are case-sensitive; the value passed to -r must match default_realm in krb5.conf exactly)
6. add princ
kadmin.local
addprinc root/admin
**********************************************************do the following steps when adding a principal
addprinc u1
ktadd -k /var/kerberos/krb5kdc/kadmin.keytab kadmin/admin
ktadd -k /var/kerberos/krb5kdc/kadmin.keytab kadmin/changepw
***********************************************************
service krb5kdc start
service kadmin start
test:
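# Verify the KDC is listening. The original `grep 750,88` searched for the literal
# string "750,88" and could never match; `-t` also lists TCP sockets only, while
# kdc.conf sets kdc_tcp_ports = 88 and 750 appears only in the commented UDP
# kdc_ports line, so UDP (-u) is included in the listing.
netstat -natu | grep -E ':(88|750)[[:space:]]'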
ktutil:
rkt /var/kerberos/krb5kdc/kadmin.keytab
list
configure nis:
hostname is: cdnis
1. yum install ypserv ypbind -y
2. update /etc/hosts
3. execute command: nisdomainname
4. update /etc/yp.conf
5. no update needed for /etc/ypserv.conf
6. execute command: rpcinfo -u localhost ypserv
program 100004 version 1 ready and waiting
program 100004 version 2 ready and waiting
7. execute command: rpcinfo -u localhost ypbind
program 100007 version 1 ready and waiting
program 100007 version 2 ready and waiting
8. generate the NIS database: /usr/lib64/yp/ypinit -m, then check the generated files under /var/yp/
9. add local user for test:
groupadd -g 10000 admin
useradd -u 1000 -G admin u1
10. make -C /var/yp
test:
every yptest check must pass
ypcat passwd
getent passwd
id u1