[To be completed]

[laowang@cdh203 ~]$ sudo yum install krb5-server krb5-libs krb5-auth-dialog
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirrors.cn99.com
 * extras: mirrors.shu.edu.cn
 * updates: mirrors.shu.edu.cn
No package krb5-auth-dialog available.
Resolving Dependencies
--> Running transaction check
---> Package krb5-libs.x86_64 0:1.13.2-10.el7 will be updated
---> Package krb5-libs.x86_64 0:1.15.1-19.el7 will be an update
---> Package krb5-server.x86_64 0:1.15.1-19.el7 will be installed
updates/7/x86_64/filelists_db                                      | 2.1 MB  00:00:01    
--> Processing Dependency: libkadm5(x86-64) = 1.15.1-19.el7 for package: krb5-server-1.15.1-19.el7.x86_64
--> Processing Dependency: libkadm5srv_mit.so.11(kadm5srv_mit_11_MIT)(64bit) for package: krb5-server-1.15.1-19.el7.x86_64
--> Processing Dependency: libkadm5clnt_mit.so.11(kadm5clnt_mit_11_MIT)(64bit) for package: krb5-server-1.15.1-19.el7.x86_64
--> Processing Dependency: libkadm5srv_mit.so.11()(64bit) for package: krb5-server-1.15.1-19.el7.x86_64
--> Processing Dependency: libkadm5clnt_mit.so.11()(64bit) for package: krb5-server-1.15.1-19.el7.x86_64
--> Running transaction check
---> Package libkadm5.x86_64 0:1.15.1-19.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=========================================================================================
 Package               Arch             Version                   Repository         Size
=========================================================================================
Installing:
 krb5-server           x86_64           1.15.1-19.el7             updates           1.0 M
Updating:
 krb5-libs             x86_64           1.15.1-19.el7             updates           747 k
Installing for dependencies:
 libkadm5              x86_64           1.15.1-19.el7             updates           175 k

Transaction Summary
=========================================================================================
Install  1 Package (+1 Dependent package)
Upgrade  1 Package

Total download size: 1.9 M
Is this ok [y/d/N]: y
Downloading packages:
updates/7/x86_64/prestodelta                                       | 370 kB  00:00:00    
(1/3): krb5-libs-1.15.1-19.el7.x86_64.rpm                          | 747 kB  00:00:00    
(2/3): libkadm5-1.15.1-19.el7.x86_64.rpm                           | 175 kB  00:00:00    
(3/3): krb5-server-1.15.1-19.el7.x86_64.rpm                        | 1.0 MB  00:00:00    
-----------------------------------------------------------------------------------------
Total                                                     2.5 MB/s | 1.9 MB  00:00:00    
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Updating   : krb5-libs-1.15.1-19.el7.x86_64                                         1/4
  Installing : libkadm5-1.15.1-19.el7.x86_64                                          2/4
  Installing : krb5-server-1.15.1-19.el7.x86_64                                       3/4
  Cleanup    : krb5-libs-1.13.2-10.el7.x86_64                                         4/4
  Verifying  : krb5-server-1.15.1-19.el7.x86_64                                       1/4
  Verifying  : libkadm5-1.15.1-19.el7.x86_64                                          2/4
  Verifying  : krb5-libs-1.15.1-19.el7.x86_64                                         3/4
  Verifying  : krb5-libs-1.13.2-10.el7.x86_64                                         4/4

Installed:
  krb5-server.x86_64 0:1.15.1-19.el7                                                     

Dependency Installed:
  libkadm5.x86_64 0:1.15.1-19.el7                                                        

Updated:
  krb5-libs.x86_64 0:1.15.1-19.el7                                                       

Complete!
[laowang@cdh203 ~]$ cat /etc/krb5.conf
# Configuration snippets may be placed in this directory as well
includedir /etc/krb5.conf.d/

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 dns_lookup_realm = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true
 rdns = false
# default_realm = EXAMPLE.COM
 default_ccache_name = KEYRING:persistent:%{uid}

[realms]
# EXAMPLE.COM = {
#  kdc = kerberos.example.com
#  admin_server = kerberos.example.com
# }

[domain_realm]
# .example.com = EXAMPLE.COM
# example.com = EXAMPLE.COM
[laowang@cdh203 ~]$ cat /var/kerberos/krb5kdc/kdc.conf 
cat: /var/kerberos/krb5kdc/kdc.conf: Permission denied
[laowang@cdh203 ~]$ sudo cat /var/kerberos/krb5kdc/kdc.conf 
[kdcdefaults]
 kdc_ports = 88
 kdc_tcp_ports = 88

[realms]
 EXAMPLE.COM = {
  #master_key_type = aes256-cts
  acl_file = /var/kerberos/krb5kdc/kadm5.acl
  dict_file = /usr/share/dict/words
  admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
  supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-mac:normal camellia256-cts:normal camellia128-cts:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal
 }
[laowang@cdh203 ~]$ sudo vi /etc/krb5.conf
[laowang@cdh203 ~]$ sudo vi /var/kerberos/krb5kdc/kdc.conf 
[laowang@cdh203 ~]$ sudo cd /usr/local/kdb5_util
/bin/cd: line 2: cd: /usr/local/kdb5_util: No such file or directory
[laowang@cdh203 ~]$ /usr/local/kdb5_util create -s -r ENMONSTER.ORG
-bash: /usr/local/kdb5_util: No such file or directory
[laowang@cdh203 ~]$ grep kdb5_util
^C
[laowang@cdh203 ~]$ grep kdb5_util /usr/sbin
grep: /usr/sbin: Is a directory
[laowang@cdh203 ~]$ grep kdb5_util /usr/sbin/*
grep: /usr/sbin/adduser: Permission denied
grep: /usr/sbin/audispd: Permission denied
grep: /usr/sbin/auditctl: Permission denied
grep: /usr/sbin/auditd: Permission denied
grep: /usr/sbin/augenrules: Permission denied
grep: /usr/sbin/autrace: Permission denied
grep: /usr/sbin/build-locale-archive: Permission denied
grep: /usr/sbin/glibc_post_upgrade.x86_64: Permission denied
grep: /usr/sbin/groupadd: Permission denied
grep: /usr/sbin/groupdel: Permission denied
grep: /usr/sbin/groupmems: Permission denied
grep: /usr/sbin/groupmod: Permission denied
grep: /usr/sbin/iprdbg: Permission denied
Binary file /usr/sbin/kadmind matches
Binary file /usr/sbin/kdb5_util matches
Binary file /usr/sbin/kpropd matches
grep: /usr/sbin/lockdev: Permission denied
grep: /usr/sbin/unix_update: Permission denied
grep: /usr/sbin/useradd: Permission denied
grep: /usr/sbin/userdel: Permission denied
grep: /usr/sbin/userhelper: Permission denied
grep: /usr/sbin/usermod: Permission denied
[laowang@cdh203 ~]$ sudo grep kdb5_util /usr/sbin/*
Binary file /usr/sbin/kadmind matches
Binary file /usr/sbin/kdb5_util matches
Binary file /usr/sbin/kpropd matches
[laowang@cdh203 ~]$ /usr/sbin/kdb5_util create -s -r ENMONSTER.ORG
Loading random data
Initializing database '/var/kerberos/krb5kdc/principal' for realm 'ENMONSTER.ORG',
master key name 'K/M@ENMONSTER.ORG'
You will be prompted for the database Master Password.
It is important that you NOT FORGET this password.
Enter KDC database master key: 
Re-enter KDC database master key to verify: 
kdb5_util: Permission denied while creating database '/var/kerberos/krb5kdc/principal'
[laowang@cdh203 ~]$ sudo /usr/sbin/kdb5_util create -s -r ENMONSTER.ORG
Loading random data
Initializing database '/var/kerberos/krb5kdc/principal' for realm 'ENMONSTER.ORG',
master key name 'K/M@ENMONSTER.ORG'
You will be prompted for the database Master Password.
It is important that you NOT FORGET this password.
Enter KDC database master key: 
Re-enter KDC database master key to verify: 
[laowang@cdh203 ~]$ cd /var/kerberos/krb5kdc/
[laowang@cdh203 krb5kdc]$ ll
total 24
-rw-------. 1 root root   22 Apr 11 04:29 kadm5.acl
-rw-------. 1 root root  458 Jul  4 11:28 kdc.conf
-rw-------. 1 root root 8192 Jul  4 11:37 principal
-rw-------. 1 root root 8192 Jul  4 11:37 principal.kadm5
-rw-------. 1 root root    0 Jul  4 11:37 principal.kadm5.lock
-rw-------. 1 root root    0 Jul  4 11:37 principal.ok
[laowang@cdh203 krb5kdc]$ sudo /usr/sbin/kadmin.local -q "addprinc admin/admin"
Authenticating as principal root/admin@ENMONSTER.ORG with password.
WARNING: no policy specified for admin/admin@ENMONSTER.ORG; defaulting to no policy
Enter password for principal "admin/admin@ENMONSTER.ORG": 
Re-enter password for principal "admin/admin@ENMONSTER.ORG": 
Principal "admin/admin@ENMONSTER.ORG" created.
[laowang@cdh203 krb5kdc]$ sudo vi /var/kerberos/krb5kdc/kadm5.acl 
[laowang@cdh203 krb5kdc]$ sudo cat /var/kerberos/krb5kdc/kadm5.acl 
*/admin@ENMONSTER.ORG
[laowang@cdh203 krb5kdc]$ service krb5kdc start
Redirecting to /bin/systemctl start  krb5kdc.service
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to manage system services or units.
Authenticating as: root
Password: 
polkit-agent-helper-1: pam_authenticate failed: Authentication failure
==== AUTHENTICATION FAILED ===
Failed to start krb5kdc.service: Access denied
[laowang@cdh203 krb5kdc]$ sudo service krb5kdc start
Redirecting to /bin/systemctl start  krb5kdc.service
[laowang@cdh203 krb5kdc]$ sudo service kadmin start
Redirecting to /bin/systemctl start  kadmin.service
[laowang@cdh203 krb5kdc]$ jps
bash: jps: command not found...
[laowang@cdh203 krb5kdc]$ sudo jps
sudo: jps: command not found
[laowang@cdh203 krb5kdc]$ ll
total 32
-rw-------. 1 root root    22 Jul  4 11:43 kadm5.acl
-rw-------. 1 root root   458 Jul  4 11:28 kdc.conf
-rw-------. 1 root root 16384 Jul  4 11:41 principal
-rw-------. 1 root root  8192 Jul  4 11:37 principal.kadm5
-rw-------. 1 root root     0 Jul  4 11:37 principal.kadm5.lock
-rw-------. 1 root root     0 Jul  4 11:41 principal.ok
[laowang@cdh203 krb5kdc]$ cd
[laowang@cdh203 ~]$ sudo cat /var/log/krb5kdc.log 
otp: Loaded
Jul 04 11:44:48 cdh203.enmonster.org krb5kdc[66542](info): setting up network...
krb5kdc: setsockopt(10,IPV6_V6ONLY,1) worked
krb5kdc: setsockopt(12,IPV6_V6ONLY,1) worked
Jul 04 11:44:48 cdh203.enmonster.org krb5kdc[66542](info): set up 4 sockets
Jul 04 11:44:48 cdh203.enmonster.org krb5kdc[66551](info): commencing operation
[laowang@cdh203 ~]$ sudo cat /var/log/kadmind.log 
Jul 04 11:45:04 cdh203.enmonster.org kadmind[66713](info): setting up network...
kadmind: setsockopt(10,IPV6_V6ONLY,1) worked
kadmind: setsockopt(12,IPV6_V6ONLY,1) worked
kadmind: setsockopt(14,IPV6_V6ONLY,1) worked
Jul 04 11:45:04 cdh203.enmonster.org kadmind[66713](info): set up 6 sockets
Jul 04 11:45:04 cdh203.enmonster.org kadmind[66713](Error): /var/kerberos/krb5kdc/kadm5.acl: syntax error at line 1 <*/admin@ENMONSTER.ORG...>
Jul 04 11:45:04 cdh203.enmonster.org kadmind[66763](info): Seeding random number generator
Jul 04 11:45:04 cdh203.enmonster.org kadmind[66763](info): starting
[laowang@cdh203 ~]$ kinit
bash: kinit: command not found...
Similar command is: 'init'
[laowang@cdh203 ~]$ chkconfig krb5kdc on
Note: Forwarding request to 'systemctl enable krb5kdc.service'.
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-unit-files ===
Authentication is required to manage system service or unit files.
Authenticating as: root
Password: 
polkit-agent-helper-1: pam_authenticate failed: Authentication failure
==== AUTHENTICATION FAILED ===
Failed to execute operation: Access denied
[laowang@cdh203 ~]$ sudo chkconfig krb5kdc on
Note: Forwarding request to 'systemctl enable krb5kdc.service'.
Created symlink from /etc/systemd/system/multi-user.target.wants/krb5kdc.service to /usr/lib/systemd/system/krb5kdc.service.
[laowang@cdh203 ~]$ sudo chkconfig kadmin on
Note: Forwarding request to 'systemctl enable kadmin.service'.
Created symlink from /etc/systemd/system/multi-user.target.wants/kadmin.service to /usr/lib/systemd/system/kadmin.service.
[laowang@cdh203 ~]$ kinit
bash: kinit: command not found...
Similar command is: 'init'
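
Added example, not part of the original session: kadmind.log above reports a syntax error for the kadm5.acl line "*/admin@ENMONSTER.ORG", which has a principal pattern but no permissions field, and the stock kdc.conf lists single-DES, 3DES and RC4 in supported_enctypes. The two shell functions below check for both conditions; the function names, the temp files and the corrected ACL line are assumptions constructed for this example.

```bash
#!/usr/bin/env bash
# Added example. Function names and sample files are constructed for illustration.

# check_kadm5_acl FILE: report entries kadmind would reject.
# Entry format: principal permissions [target_principal [restrictions]]
check_kadm5_acl() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blank lines
    NF < 2 { printf "line %d: missing permissions field: %s\n", NR, $1; bad = 1; next }
    $2 !~ /^[admcilpsexADMCILPSE*]+$/ {
      printf "line %d: unknown permission letters: %s\n", NR, $2; bad = 1 }
    END { exit bad + 0 }                          # non-zero if any entry failed
  ' "$1"
}

# weak_enctypes FILE: print single-DES, 3DES and RC4 entries found in
# supported_enctypes (deprecated for Kerberos by RFC 6649 and RFC 8429).
weak_enctypes() {
  awk -F= '
    $1 ~ /^[ \t]*supported_enctypes[ \t]*$/ {
      n = split($2, e, /[ \t]+/)
      for (i = 1; i <= n; i++) {
        split(e[i], p, ":")                       # each entry is enctype:salttype
        if (p[1] ~ /^(des-|des3-|arcfour-)/) print p[1]
      }
    }
  ' "$1"
}

# Constructed samples: the ACL line from the session, a corrected form
# ("*" grants every privilege; a narrower letter set is tighter), and a
# shortened supported_enctypes line.
tmp=$(mktemp -d)
printf '%s\n' '*/admin@ENMONSTER.ORG'   > "$tmp/bad.acl"
printf '%s\n' '*/admin@ENMONSTER.ORG *' > "$tmp/good.acl"
printf '%s\n' '[realms]' ' ENMONSTER.ORG = {' \
  '  supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-mac:normal des-cbc-crc:normal' \
  ' }' > "$tmp/kdc.conf"

check_kadm5_acl "$tmp/bad.acl"  || echo "bad.acl: rejected"
check_kadm5_acl "$tmp/good.acl" && echo "good.acl: accepted"
weak_enctypes "$tmp/kdc.conf"
```

On the KDC host the same functions can be pointed at /var/kerberos/krb5kdc/kadm5.acl and /var/kerberos/krb5kdc/kdc.conf with sudo, since both files are readable by root only.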