[To be completed]
[laowang@cdh203 ~]$ sudo yum install krb5-server krb5-libs krb5-auth-dialog
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirrors.cn99.com
* extras: mirrors.shu.edu.cn
* updates: mirrors.shu.edu.cn
No package krb5-auth-dialog available.
Resolving Dependencies
--> Running transaction check
---> Package krb5-libs.x86_64 0:1.13.2-10.el7 will be updated
---> Package krb5-libs.x86_64 0:1.15.1-19.el7 will be an update
---> Package krb5-server.x86_64 0:1.15.1-19.el7 will be installed
updates/7/x86_64/filelists_db | 2.1 MB 00:00:01
--> Processing Dependency: libkadm5(x86-64) = 1.15.1-19.el7 for package: krb5-server-1.15.1-19.el7.x86_64
--> Processing Dependency: libkadm5srv_mit.so.11(kadm5srv_mit_11_MIT)(64bit) for package: krb5-server-1.15.1-19.el7.x86_64
--> Processing Dependency: libkadm5clnt_mit.so.11(kadm5clnt_mit_11_MIT)(64bit) for package: krb5-server-1.15.1-19.el7.x86_64
--> Processing Dependency: libkadm5srv_mit.so.11()(64bit) for package: krb5-server-1.15.1-19.el7.x86_64
--> Processing Dependency: libkadm5clnt_mit.so.11()(64bit) for package: krb5-server-1.15.1-19.el7.x86_64
--> Running transaction check
---> Package libkadm5.x86_64 0:1.15.1-19.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=========================================================================================
Package Arch Version Repository Size
=========================================================================================
Installing:
krb5-server x86_64 1.15.1-19.el7 updates 1.0 M
Updating:
krb5-libs x86_64 1.15.1-19.el7 updates 747 k
Installing for dependencies:
libkadm5 x86_64 1.15.1-19.el7 updates 175 k
Transaction Summary
=========================================================================================
Install 1 Package (+1 Dependent package)
Upgrade 1 Package
Total download size: 1.9 M
Is this ok [y/d/N]: y
Downloading packages:
updates/7/x86_64/prestodelta | 370 kB 00:00:00
(1/3): krb5-libs-1.15.1-19.el7.x86_64.rpm | 747 kB 00:00:00
(2/3): libkadm5-1.15.1-19.el7.x86_64.rpm | 175 kB 00:00:00
(3/3): krb5-server-1.15.1-19.el7.x86_64.rpm | 1.0 MB 00:00:00
-----------------------------------------------------------------------------------------
Total 2.5 MB/s | 1.9 MB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : krb5-libs-1.15.1-19.el7.x86_64 1/4
Installing : libkadm5-1.15.1-19.el7.x86_64 2/4
Installing : krb5-server-1.15.1-19.el7.x86_64 3/4
Cleanup : krb5-libs-1.13.2-10.el7.x86_64 4/4
Verifying : krb5-server-1.15.1-19.el7.x86_64 1/4
Verifying : libkadm5-1.15.1-19.el7.x86_64 2/4
Verifying : krb5-libs-1.15.1-19.el7.x86_64 3/4
Verifying : krb5-libs-1.13.2-10.el7.x86_64 4/4
Installed:
krb5-server.x86_64 0:1.15.1-19.el7
Dependency Installed:
libkadm5.x86_64 0:1.15.1-19.el7
Updated:
krb5-libs.x86_64 0:1.15.1-19.el7
Complete!
[laowang@cdh203 ~]$ cat /etc/krb5.conf
# Configuration snippets may be placed in this directory as well
includedir /etc/krb5.conf.d/
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
dns_lookup_realm = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
# default_realm = EXAMPLE.COM
default_ccache_name = KEYRING:persistent:%{uid}
[realms]
# EXAMPLE.COM = {
# kdc = kerberos.example.com
# admin_server = kerberos.example.com
# }
[domain_realm]
# .example.com = EXAMPLE.COM
# example.com = EXAMPLE.COM
[laowang@cdh203 ~]$ cat /var/kerberos/krb5kdc/kdc.conf
cat: /var/kerberos/krb5kdc/kdc.conf: Permission denied
[laowang@cdh203 ~]$ sudo cat /var/kerberos/krb5kdc/kdc.conf
[kdcdefaults]
kdc_ports = 88
kdc_tcp_ports = 88
[realms]
EXAMPLE.COM = {
#master_key_type = aes256-cts
acl_file = /var/kerberos/krb5kdc/kadm5.acl
dict_file = /usr/share/dict/words
admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-mac:normal camellia256-cts:normal camellia128-cts:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal
}
[laowang@cdh203 ~]$ sudo vi /etc/krb5.conf
[laowang@cdh203 ~]$ sudo vi /var/kerberos/krb5kdc/kdc.conf
[laowang@cdh203 ~]$ sudo cd /usr/local/kdb5_util
/bin/cd: line 2: cd: /usr/local/kdb5_util: No such file or directory
[laowang@cdh203 ~]$ /usr/local/kdb5_util create -s -r ENMONSTER.ORG
-bash: /usr/local/kdb5_util: No such file or directory
[laowang@cdh203 ~]$ grep kdb5_util
^C
[laowang@cdh203 ~]$ grep kdb5_util /usr/sbin
grep: /usr/sbin: Is a directory
[laowang@cdh203 ~]$ grep kdb5_util /usr/sbin/*
grep: /usr/sbin/adduser: Permission denied
grep: /usr/sbin/audispd: Permission denied
grep: /usr/sbin/auditctl: Permission denied
grep: /usr/sbin/auditd: Permission denied
grep: /usr/sbin/augenrules: Permission denied
grep: /usr/sbin/autrace: Permission denied
grep: /usr/sbin/build-locale-archive: Permission denied
grep: /usr/sbin/glibc_post_upgrade.x86_64: Permission denied
grep: /usr/sbin/groupadd: Permission denied
grep: /usr/sbin/groupdel: Permission denied
grep: /usr/sbin/groupmems: Permission denied
grep: /usr/sbin/groupmod: Permission denied
grep: /usr/sbin/iprdbg: Permission denied
Binary file /usr/sbin/kadmind matches
Binary file /usr/sbin/kdb5_util matches
Binary file /usr/sbin/kpropd matches
grep: /usr/sbin/lockdev: Permission denied
grep: /usr/sbin/unix_update: Permission denied
grep: /usr/sbin/useradd: Permission denied
grep: /usr/sbin/userdel: Permission denied
grep: /usr/sbin/userhelper: Permission denied
grep: /usr/sbin/usermod: Permission denied
[laowang@cdh203 ~]$ sudo grep kdb5_util /usr/sbin/*
Binary file /usr/sbin/kadmind matches
Binary file /usr/sbin/kdb5_util matches
Binary file /usr/sbin/kpropd matches
[laowang@cdh203 ~]$ /usr/sbin/kdb5_util create -s -r ENMONSTER.ORG
Loading random data
Initializing database '/var/kerberos/krb5kdc/principal' for realm 'ENMONSTER.ORG',
master key name 'K/M@ENMONSTER.ORG'
You will be prompted for the database Master Password.
It is important that you NOT FORGET this password.
Enter KDC database master key:
Re-enter KDC database master key to verify:
kdb5_util: Permission denied while creating database '/var/kerberos/krb5kdc/principal'
[laowang@cdh203 ~]$ sudo /usr/sbin/kdb5_util create -s -r ENMONSTER.ORG
Loading random data
Initializing database '/var/kerberos/krb5kdc/principal' for realm 'ENMONSTER.ORG',
master key name 'K/M@ENMONSTER.ORG'
You will be prompted for the database Master Password.
It is important that you NOT FORGET this password.
Enter KDC database master key:
Re-enter KDC database master key to verify:
[laowang@cdh203 ~]$ cd /var/kerberos/krb5kdc/
[laowang@cdh203 krb5kdc]$ ll
total 24
-rw-------. 1 root root 22 Apr 11 04:29 kadm5.acl
-rw-------. 1 root root 458 Jul 4 11:28 kdc.conf
-rw-------. 1 root root 8192 Jul 4 11:37 principal
-rw-------. 1 root root 8192 Jul 4 11:37 principal.kadm5
-rw-------. 1 root root 0 Jul 4 11:37 principal.kadm5.lock
-rw-------. 1 root root 0 Jul 4 11:37 principal.ok
[laowang@cdh203 krb5kdc]$ sudo /usr/sbin/kadmin.local -q "addprinc admin/admin"
Authenticating as principal root/admin@ENMONSTER.ORG with password.
WARNING: no policy specified for admin/admin@ENMONSTER.ORG; defaulting to no policy
Enter password for principal "admin/admin@ENMONSTER.ORG":
Re-enter password for principal "admin/admin@ENMONSTER.ORG":
Principal "admin/admin@ENMONSTER.ORG" created.
[laowang@cdh203 krb5kdc]$ sudo vi /var/kerberos/krb5kdc/kadm5.acl
[laowang@cdh203 krb5kdc]$ sudo cat /var/kerberos/krb5kdc/kadm5.acl
*/admin@ENMONSTER.ORG
[laowang@cdh203 krb5kdc]$ service krb5kdc start
Redirecting to /bin/systemctl start krb5kdc.service
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to manage system services or units.
Authenticating as: root
Password:
polkit-agent-helper-1: pam_authenticate failed: Authentication failure
==== AUTHENTICATION FAILED ===
Failed to start krb5kdc.service: Access denied
[laowang@cdh203 krb5kdc]$ sudo service krb5kdc start
Redirecting to /bin/systemctl start krb5kdc.service
[laowang@cdh203 krb5kdc]$ sudo service kadmin start
Redirecting to /bin/systemctl start kadmin.service
[laowang@cdh203 krb5kdc]$ jps
bash: jps: command not found...
[laowang@cdh203 krb5kdc]$ sudo jps
sudo: jps: command not found
[laowang@cdh203 krb5kdc]$ ll
total 32
-rw-------. 1 root root 22 Jul 4 11:43 kadm5.acl
-rw-------. 1 root root 458 Jul 4 11:28 kdc.conf
-rw-------. 1 root root 16384 Jul 4 11:41 principal
-rw-------. 1 root root 8192 Jul 4 11:37 principal.kadm5
-rw-------. 1 root root 0 Jul 4 11:37 principal.kadm5.lock
-rw-------. 1 root root 0 Jul 4 11:41 principal.ok
[laowang@cdh203 krb5kdc]$ cd
[laowang@cdh203 ~]$ sudo cat /var/log/krb5kdc.log
otp: Loaded
Jul 04 11:44:48 cdh203.enmonster.org krb5kdc[66542](info): setting up network...
krb5kdc: setsockopt(10,IPV6_V6ONLY,1) worked
krb5kdc: setsockopt(12,IPV6_V6ONLY,1) worked
Jul 04 11:44:48 cdh203.enmonster.org krb5kdc[66542](info): set up 4 sockets
Jul 04 11:44:48 cdh203.enmonster.org krb5kdc[66551](info): commencing operation
[laowang@cdh203 ~]$ sudo cat /var/log/kadmind.log
Jul 04 11:45:04 cdh203.enmonster.org kadmind[66713](info): setting up network...
kadmind: setsockopt(10,IPV6_V6ONLY,1) worked
kadmind: setsockopt(12,IPV6_V6ONLY,1) worked
kadmind: setsockopt(14,IPV6_V6ONLY,1) worked
Jul 04 11:45:04 cdh203.enmonster.org kadmind[66713](info): set up 6 sockets
Jul 04 11:45:04 cdh203.enmonster.org kadmind[66713](Error): /var/kerberos/krb5kdc/kadm5.acl: syntax error at line 1 <*/admin@ENMONSTER.ORG...>
Jul 04 11:45:04 cdh203.enmonster.org kadmind[66763](info): Seeding random number generator
Jul 04 11:45:04 cdh203.enmonster.org kadmind[66763](info): starting
[laowang@cdh203 ~]$ kinit
bash: kinit: command not found...
Similar command is: 'init'
[laowang@cdh203 ~]$ chkconfig krb5kdc on
Note: Forwarding request to 'systemctl enable krb5kdc.service'.
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-unit-files ===
Authentication is required to manage system service or unit files.
Authenticating as: root
Password:
polkit-agent-helper-1: pam_authenticate failed: Authentication failure
==== AUTHENTICATION FAILED ===
Failed to execute operation: Access denied
[laowang@cdh203 ~]$ sudo chkconfig krb5kdc on
Note: Forwarding request to 'systemctl enable krb5kdc.service'.
Created symlink from /etc/systemd/system/multi-user.target.wants/krb5kdc.service to /usr/lib/systemd/system/krb5kdc.service.
[laowang@cdh203 ~]$ sudo chkconfig kadmin on
Note: Forwarding request to 'systemctl enable kadmin.service'.
Created symlink from /etc/systemd/system/multi-user.target.wants/kadmin.service to /usr/lib/systemd/system/kadmin.service.
[laowang@cdh203 ~]$ kinit
bash: kinit: command not found...
Similar command is: 'init'
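
The kadmind.log entry above reports a syntax error at line 1 of kadm5.acl: the file contains only the principal pattern `*/admin@ENMONSTER.ORG`, while a kadm5.acl entry needs a permissions field after the principal. The following lint is an added example, not part of the original session; the function name `lint_kadm5_acl` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint a kadm5.acl file before (re)starting kadmind.
# Entry format (MIT krb5): principal  permissions  [target_principal [restrictions]]

# lint_kadm5_acl FILE
# Prints one line per malformed entry; returns 0 if the file is clean, 1 otherwise.
lint_kadm5_acl() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }      # skip blank lines and comments
        NF < 2 {
            printf "line %d: missing permissions field: %s\n", NR, $0
            bad = 1
            next
        }
        # permission letters accepted by kadmind, plus the * wildcard
        $2 !~ /^[admcilpsxeADMCILPSXE*]+$/ {
            printf "line %d: unknown permission letters: %s\n", NR, $2
            bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample input: the entry from the session and a corrected one.
demo() {
    tmp=$(mktemp -d)
    printf '%s\n' '*/admin@ENMONSTER.ORG'   > "$tmp/broken.acl"
    printf '%s\n' '*/admin@ENMONSTER.ORG *' > "$tmp/fixed.acl"
    lint_kadm5_acl "$tmp/broken.acl" || echo "broken.acl: rejected"
    lint_kadm5_acl "$tmp/fixed.acl"  && echo "fixed.acl: ok"
    rm -rf "$tmp"
}

demo
```

On the real host the file is root-only (mode 0600 in the listing above), so the lint has to run under sudo against /var/kerberos/krb5kdc/kadm5.acl.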