From owner-freebsd-questions Thu Feb 13 11:52:48 2003 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AFF8337B401 for ; Thu, 13 Feb 2003 11:52:46 -0800 (PST) Received: from mail.seekingfire.com (coyote.seekingfire.com [24.72.10.212]) by mx1.FreeBSD.org (Postfix) with ESMTP id C4CD143FAF for ; Thu, 13 Feb 2003 11:52:45 -0800 (PST) (envelope-from tillman@seekingfire.com) Received: from blues.seekingfire.prv (blues.seekingfire.prv [192.168.23.211]) by mail.seekingfire.com (Postfix) with ESMTP id 656E01E8; Thu, 13 Feb 2003 13:52:44 -0600 (CST) Received: (from tillman@localhost) by blues.seekingfire.prv (8.11.6/8.11.6) id h1DJtFw28950; Thu, 13 Feb 2003 13:55:15 -0600 Date: Thu, 13 Feb 2003 13:55:15 -0600 From: Tillman To: La Temperanza Cc: questions@FreeBSD.ORG Subject: Re: Help with Kerberos 5 setup Message-ID: <20030213135515.S22957@seekingfire.com> References: <20030213112254.6c59e001.temperanza@softhome.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20030213112254.6c59e001.temperanza@softhome.net>; from temperanza@softhome.net on Thu, Feb 13, 2003 at 11:22:54AM -0800 X-Urban-Legend: There is lots of hidden information in headers Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Thu, Feb 13, 2003 at 11:22:54AM -0800, La Temperanza wrote: > Hello, I'm a newbie to Kerberos trying to set it up at the suggestion of the > handbook's "Securing FreeBSD" section. However, the Kerberos section is heavily > biased towards version 4 and I'm not sure if it's leading me on the right track. > I've figured out how to edit krb5.conf to set my realms, boot up kadmind and kdc > in rc.conf, init the database using k5admin and stash my master key. However, > when adding the two principals the handbook says are needed I get a few warning > messages which I'm nervous about. > It looks like all I need to do is add myself in as a client somehow, but I'd > like to be reassured that the handbook's setup instructions for Kerberos 4 > are also the right ones under Kerberos 5. Can anyone do that, or help me through > the correct setup procedure if it's different? No, the instructions are similar but different. If you're using the Heimdal krb5 (part of the base system or via ports), you'll want to read http://www.pdc.kth.se/heimdal/heimdal.html#Setting%20up%20a%20realm. If you're using the MIT krb5 port (what I'm runnign these days, though I started with Heimdal) you'll want to read http://web.mit.edu/kerberos/www/krb5-1.2/krb5-1.2.7/doc/install.html#SEC39. More information on Kerberos that I've collected over time is at http://www.rospa.ca/projects/kerberos/resources.html. Good luck, - Tillman -- Page xxviii: More than any other computer system today, Unix will repay every moment that you spend learning and experimenting. - Harley Hahn, _The Unix Companion_ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message