https://computing.ece.vt.edu/mediawiki/index.php?title=Notes_on_Kerberos_/_LDAP_authentication&feed=atom&action=history
Notes on Kerberos / LDAP authentication - Revision history
2024-03-29T12:52:19Z
Revision history for this page on the wiki
MediaWiki 1.19.1

https://computing.ece.vt.edu/mediawiki/index.php?title=Notes_on_Kerberos_/_LDAP_authentication&diff=1063&oldid=prev
Jkh at 20:22, 9 April 2009
2009-04-09T20:22:30Z
<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 20:22, 9 April 2009</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 38:</td>
<td colspan="2" class="diff-lineno">Line 38:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>edit /var/kerberos/krb5kdc/kdc.conf</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>edit /var/kerberos/krb5kdc/kdc.conf</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>/usr/kerberos/sbin/kdb5_util create -s</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>/usr/kerberos/sbin/kdb5_util create -s <ins class="diffchange diffchange-inline"> (can redirect input)</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">edit /var/kerberso/krb5kdc/kadm5.acl make it look like</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline"> */admin@ECE.VT.EDU    *</ins></div></td></tr>
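Review bot: the added kadm5.acl step spells the directory /var/kerberso/krb5kdc/, while the kdc.conf line at the top of this hunk uses /var/kerberos/krb5kdc/; fix the typo so the path can be copied as written. The ACL entry "*/admin@ECE.VT.EDU *" gives every principal with an admin instance all kadmin privileges, which deserves a sentence saying so. The "(can redirect input)" remark is appended to the command line itself; move it to its own line and say what is being redirected, since kdb5_util create prompts for the database master password and any file holding it needs the same protection as the stash file that -s writes.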
</table>
Jkh

https://computing.ece.vt.edu/mediawiki/index.php?title=Notes_on_Kerberos_/_LDAP_authentication&diff=1062&oldid=prev
Jkh: /* First setup DNS */
2009-04-09T18:06:19Z
<p><span dir="auto"><span class="autocomment">First setup DNS</span></span></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 18:06, 9 April 2009</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 27:</td>
<td colspan="2" class="diff-lineno">Line 27:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>The topic of DNS is very large.  I'm not going to cover it here.  I should point you to some external document.   </div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>The topic of DNS is very large.  I'm not going to cover it here.  I should point you to some external document.   </div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>I've found that on RHEL5/CentOS5 you can use system-config-bind.  The help is good.  I just imported the /etc/hosts file as suggested.  This worked very well!</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>I've found that on RHEL5/CentOS5 you can use <ins class="diffchange diffchange-inline">'''</ins>system-config-bind<ins class="diffchange diffchange-inline">'''</ins>.  The help is good.  I just imported the /etc/hosts file as suggested.  This worked very well!</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>Also, one can use DNS service records to automatically find both the kerberos KDC and the ldap server.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>Also, one can use DNS service records to automatically find both the kerberos KDC and the ldap server.</div></td></tr>
</table>
Jkh

https://computing.ece.vt.edu/mediawiki/index.php?title=Notes_on_Kerberos_/_LDAP_authentication&diff=1061&oldid=prev
Jkh: /* First setup DNS */
2009-04-09T17:38:30Z
<p><span dir="auto"><span class="autocomment">First setup DNS</span></span></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 17:38, 9 April 2009</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 25:</td>
<td colspan="2" class="diff-lineno">Line 25:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>Kerberos and to a lesser extent LDAP need to have proper DNS names.  If you are using an internal network (192.168.x.y), you will need to setup a DNS for your network.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>Kerberos and to a lesser extent LDAP need to have proper DNS names.  If you are using an internal network (192.168.x.y), you will need to setup a DNS for your network.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">How to do this </del>is not <del class="diffchange diffchange-inline">covered </del>here.  I should point you to some external document.   </div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">The topic of DNS </ins>is <ins class="diffchange diffchange-inline">very large.  I'm </ins>not <ins class="diffchange diffchange-inline">going to cover it </ins>here.  I should point you to some external document.   </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div> </div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">I've found that on RHEL5/CentOS5 you can use system-config-bind.  The help is good.  I just imported the /etc/hosts file as suggested.  This worked very well!</ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>Also, one can use DNS service records to automatically find both the kerberos KDC and the ldap server.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>Also, one can use DNS service records to automatically find both the kerberos KDC and the ldap server.</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;"></del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;">I've found that on RHEL5/CentOS5 you can use system-config-bind.  The help is good.  I just imported the /etc/hosts file as suggested.</del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del style="color: red; font-weight: bold; text-decoration: none;"></del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>===Setting up Kerberos===</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>===Setting up Kerberos===</div></td></tr>
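Review bot: the rewritten DNS sentence still ends with "I should point you to some external document." and no link follows, so the section leaves readers with a placeholder; add the reference or drop the sentence until one is chosen.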
</table>
Jkh

https://computing.ece.vt.edu/mediawiki/index.php?title=Notes_on_Kerberos_/_LDAP_authentication&diff=1060&oldid=prev
Jkh at 14:53, 9 April 2009
2009-04-09T14:53:46Z
<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 14:53, 9 April 2009</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 20:</td>
<td colspan="2" class="diff-lineno">Line 20:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>* Samba -- be able authenticate windows clients -- perhaps using pgina.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>* Samba -- be able authenticate windows clients -- perhaps using pgina.</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>* Mac OS/X clients?</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>* Mac OS/X clients?</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">===First setup DNS===</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">Kerberos and to a lesser extent LDAP need to have proper DNS names.  If you are using an internal network (192.168.x.y), you will need to setup a DNS for your network.</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">How to do this is not covered here.  I should point you to some external document.  </ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">Also, one can use DNS service records to automatically find both the kerberos KDC and the ldap server.</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">I've found that on RHEL5/CentOS5 you can use system-config-bind.  The help is good.  I just imported the /etc/hosts file as suggested.</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">===Setting up Kerberos===</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">yum -y install krb5-server</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">edit /etc/krb5.conf</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">edit /var/kerberos/krb5kdc/kdc.conf</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">/usr/kerberos/sbin/kdb5_util create -s</ins></div></td></tr>
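Review bot: in the new "Setting up Kerberos" section the steps are entered as ordinary wikitext, and "edit /etc/krb5.conf" and "edit /var/kerberos/krb5kdc/kdc.conf" sit on adjacent lines with no blank line between them, so MediaWiki will join them into one paragraph; indent the commands with a leading space (or make them a list) so each renders on its own line. The two edit steps also do not say what to change in either file, so state the settings that were edited. In the DNS section, name the records meant by "DNS service records" so readers know what to create.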
</table>
Jkh

https://computing.ece.vt.edu/mediawiki/index.php?title=Notes_on_Kerberos_/_LDAP_authentication&diff=1059&oldid=prev
Jkh at 19:46, 7 April 2009
2009-04-07T19:46:03Z
<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 19:46, 7 April 2009</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 3:</td>
<td colspan="2" class="diff-lineno">Line 3:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>===Reference Documents===</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>===Reference Documents===</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div>The main reference by Danang : [http://www.bekatul.info/node/24]</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div>The main reference by Danang : [http://www.bekatul.info/node/24 <ins class="diffchange diffchange-inline">Building Powerful Central Authentication</ins>]</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
</table>
Jkh

https://computing.ece.vt.edu/mediawiki/index.php?title=Notes_on_Kerberos_/_LDAP_authentication&diff=1058&oldid=prev
Jkh at 19:40, 7 April 2009
2009-04-07T19:40:18Z
<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black;">Revision as of 19:40, 7 April 2009</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>This will be a scratch space for the beginning of new Kerberos & LDAP page.  Initially, this will be a bunch of random notes, hopefully coalesced into a document.</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>This will be a scratch space for the beginning of new Kerberos & LDAP page.  Initially, this will be a bunch of random notes, hopefully coalesced into a document.</div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">===Reference Documents===</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;">The main reference by Danang : [http://www.bekatul.info/node/24]</ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins style="color: red; font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>===Things that can use Kerberos / LDAP to authenticate===</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>===Things that can use Kerberos / LDAP to authenticate===</div></td></tr>
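Review bot: the reference in the new "Reference Documents" section is a bare bracketed URL, [http://www.bekatul.info/node/24], which MediaWiki renders as a numbered link with no title; put the document title after the URL inside the brackets so readers can see what it points to.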
</table>
Jkh

https://computing.ece.vt.edu/mediawiki/index.php?title=Notes_on_Kerberos_/_LDAP_authentication&diff=1057&oldid=prev
Jkh: New page: This will be a scratch space for the beginning of new Kerberos & LDAP page. Initially, this will be a bunch of random notes, hopefully coalesced into a document. ===Things that can use K...
2009-04-07T19:37:21Z
<p>New page: This will be a scratch space for the beginning of new Kerberos & LDAP page. Initially, this will be a bunch of random notes, hopefully coalesced into a document. ===Things that can use K...</p>
<p><b>New page</b></p><div>This will be a scratch space for the beginning of new Kerberos & LDAP page. Initially, this will be a bunch of random notes, hopefully coalesced into a document.<br />
<br />
===Things that can use Kerberos / LDAP to authenticate===<br />
These are the things that we would like to use our K&L auth:<br />
<br />
* NFS4 authentication/security<br />
* automount / autofs<br />
* sudo<br />
* ssh / kerberos key forwarding / ldap shared keys?<br />
* Apache web page security<br />
* Netgroups -- limiting logins to specific machines<br />
* AFS -- andrew file system<br />
* Email<br />
* radius / 802.1x for wired and wireless networks<br />
* Samba -- be able authenticate windows clients -- perhaps using pgina.<br />
* Mac OS/X clients?</div>
Jkh