Date: Tue, 31 May 2005 20:33:38 -0700 (PDT)
From: jay alvarez <kerber0sb0y@yahoo.com>
To: freebsd-questions@freebsd.org
Subject: heimdal on 5.4
Message-ID: <20050601033338.54814.qmail@web32405.mail.mud.yahoo.com>
Good day,

I've already installed heimdal and was able to run the kdc daemon. Now I'm ready to test everything but.. I'm not sure if I'm on the right track... Maybe you can help me. Here are the actual steps I've committed:

1. install heimdal on a computer which will run the KDC (gaheris)
2. install heimdal on a computer which will run kerberized applications (gwenever)
2.a install heimdal on a computer which will be the client requesting a service ticket for use with gwenever (galahad)
3. edit krb5.conf on gaheris and scp it to gwenever and galahad
4. create a master key by running kstash and init the realm... on gaheris:
     # init CAMLANN.PREGI.NET
5. add a service principal for a kerberized ftp that will be running on gwenever, on gaheris:
     # kadmin -l
     kadmin> add ftp/gwenever.camlann.pregi.net
6. then extract its key:
     kadmin> ext --keytab=/tmp/gwenever.keytab ftp/gwenever.camlann.pregi.net
7. Now scp this key to /etc of gwenever:
     scp /tmp/gwenever.keytab user@gwenever:/etc
8. edit gwenever's krb5.conf such that the keytab says:
     default_keytab_name = FILE:/etc/gwenever.keytab
9. edit the inetd.conf such that the ftp service is enabled but the exact path of the ftpd executable is /usr/local/heimdal/libexec/ftpd
10. Now on a client machine (galahad):
     # kinit ftp/gwenever.camlann.pregi.net

I entered the password, and running klist gives me:

    Credentials cache: FILE:/tmp/krb5cc_0
            Principal: ftp/gwenever.camlann.pregi.net@CAMLANN.PREGI.NET

      Issued           Expires          Principal
    Jun  1 10:33:35  >>>Expired<<<    krbtgt/CAMLANN.PREGI.NET@CAMLANN.PREGI.NET

My BIG question is.. now what??=) I'm assuming I'm supposed to use the kerberized clients inside /usr/local/heimdal/bin, right? But how? Am I on the right track, or am I missing something very important here? How about the kdc.conf?? I haven't encountered it, and yet the kdc daemon started without any error.
I have attached below my complete krb5.conf that I'm running on those three computers I've mentioned above...

    # uname -a
    FreeBSD gaheris.camlann.pregi.net 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Sun May  8 10:21:06 UTC 2005     root@harlow.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386

my heimdal version is: heimdal-0.6.4

Thank you very much for your time.

Sincerely,
Mark Jayson Alvarez
Science Research Assistant
Advanced Science and Technology Institute (http://asti.dost.gov.ph)
PREGINET (http://www.pregi.net)
Quezon City, Philippines

Attachment: krb5.conf

    [libdefaults]
        default_realm = CAMLANN.PREGI.NET
        clockskew = 300
        default_keytab_name = FILE:/etc/gwenever.keytab
        max_retries = "1 day"
        ticket_lifetime = 600
        renew_lifetime = "1 day"
        scan_interfaces = true
        default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
        default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc

    [realms]
        CAMLANN.PREGI.NET = {
            kdc = gaheris.camlann.pregi.net:88
            admin_server = gaheris.camlann.pregi.net
            kpasswd_server = gaheris.camlann.pregi.net
            default_domain = camlann.pregi.net
        }

    [domain_realm]
        .camlann.pregi.net = CAMLANN.PREGI.NET

    [logging]
        kdc = FILE:/var/heimdal/logs/krb5kdc.log
        admin_server = FILE:/var/heimdal/logs/kadmin.log
        default = FILE:/var/heimdal/logs/krb5lib.log
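As an added example (not part of the original post, and not Heimdal's own code): a small Python parser for the krb5.conf format used in the attachment above, which handles the nested { } realm blocks that a stock INI parser cannot, and an audit pass that flags single-DES enctypes in [libdefaults] and realms that list no KDC. The SAMPLE string is a constructed, trimmed copy of the attached config; WEAK_ENCTYPES and the finding messages are this example's own choices.

```python
"""Parse krb5.conf (INI-like, with nested { } realm blocks) and flag risky settings."""
import re
# Constructed sample: a trimmed copy of the krb5.conf attached to the post above.
SAMPLE = """\
[libdefaults]
default_realm = CAMLANN.PREGI.NET
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
[realms]
CAMLANN.PREGI.NET = {
kdc = gaheris.camlann.pregi.net:88
admin_server = gaheris.camlann.pregi.net
}
[domain_realm]
.camlann.pregi.net = CAMLANN.PREGI.NET
"""
# Single-DES enctypes (deprecated by RFC 6649) offer no real protection today.
WEAK_ENCTYPES = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5"}

def parse_krb5_conf(text):
    """Return {section: {key: value}}, with '{ ... }' blocks as nested dicts."""
    conf, stack = {}, []  # stack[-1] is the dict currently receiving keys
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = re.match(r"^\[(\S+)\]$", line)
        if m:  # a new top-level section resets the nesting
            stack = [conf.setdefault(m.group(1), {})]
        elif line == "}":
            stack.pop()
        elif stack:  # keys before any section header are ignored
            key, _, value = (p.strip() for p in line.partition("="))
            if value == "{":
                stack.append(stack[-1].setdefault(key, {}))
            else:
                stack[-1][key] = value.strip('"')
    return conf

def audit(conf):
    """Return findings: weak enctypes in libdefaults, realms with no KDC."""
    findings, ld = [], conf.get("libdefaults", {})
    for key in ("default_tkt_enctypes", "default_tgs_enctypes"):
        weak = sorted(set(ld.get(key, "").split()) & WEAK_ENCTYPES)
        if weak:
            findings.append(f"{key} allows weak enctypes: {' '.join(weak)}")
    for realm, body in conf.get("realms", {}).items():
        if "kdc" not in body:
            findings.append(f"realm {realm} has no kdc entry")
    return findings
```

Running audit(parse_krb5_conf(open("/etc/krb5.conf").read())) on a real file reports the same two enctype findings for the attached config, since both default_*_enctypes lists include des-cbc-crc.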